shim boot loader

Here is the place were the team and the community projects meet together. Help us to develop SolydXK projects or contribute your ideas for future releases.
User avatar
ilu
Posts: 2490
Joined: 09 Oct 2013 12:45

shim boot loader

Postby ilu » 22 Sep 2018 21:13

Arjen, what do you think about the shim package to enable secure boot? I've seen that Ubuntu uses a shim bootloader but after reading this https://wiki.debian.org/SecureBoot I'm totally confused. https://www.rodsbooks.com/efi-bootloade ... .html#shim has a more hands-on explanations but I still don't understand how Ubuntu implemented this and how this correlates with https://wiki.debian.org/SecureBoot. I remember that I was able to self-sign (?) a grub boot file some years ago without much hassle and without any Microsoft involvement because the UEFI had a mechanism for that. I don't think shim was present at that time in Debian. But the Debian discussion seems to be only about Microsoft certificates.

Does anybody have more information? What are the pros and cons?

User avatar
Arjen Balfoort
Site Admin
Posts: 9280
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: shim boot loader

Postby Arjen Balfoort » 23 Sep 2018 10:05

That is way to technical for me, I'm afraid. :oops:
I bet it needs a lot more than just install shim on the ISOs...


SolydXK needs you!
Development | Testing | Translations

User avatar
ilu
Posts: 2490
Joined: 09 Oct 2013 12:45

Re: shim boot loader

Postby ilu » 24 Sep 2018 14:36

The lack of a signed secure boot lader is causing this problem https://forums.solydxk.com/viewtopic.ph ... 021#p68988. I think it is not even possible to install Win 10 without secure boot but I'm not sure because I don't have it. The problem will spread with increasing Win10 installs.

I'm wondering why debian doesn't have any guidance/status on this (https://bugs.debian.org/cgi-bin/bugrepo ... bug=820036 got derailed by spam since 2016) and why I can't find anything about how exactly Ubuntu does it. Isn't there a distro developer mailing list where you could ask? I'll try to ask in our hackspace.


kurotsugi
Posts: 2228
Joined: 09 Jan 2014 00:17

Re: shim boot loader

Postby kurotsugi » 25 Sep 2018 00:28

grub2-signed seems will never exist. the shim will act as middle man between the bios and the actual bootloader (grub). since debian doesn't support it yet, nothing much we can do except wait until it officially supported. though, since it will replace grub's boot entry part, I don't know how will we implement it on the livecd and the installer.


Return to “Suggestions & ideas / Open Projects”

Who is online

Users browsing this forum: No registered users and 2 guests