A way your distro to support Secure Boot
tsu-root
FOSS enthualist, Prefer to like use various GNU/Linux distribution for work pc and private.
No video of the event yet, sorry!
Slide: https://speakerdeck.com/htsurumoto/a-way-your-distro-to-support-secure-boot
In modern computing environment, if you build own linux kernel, or bootloader
for your needs or your user's needs, these are not boot by default since security feature is there, the UEFI Secure Boot.
Secure Boot require that bootloaders are digital signed by each hardware vendor(Platform Key) or the one commonly used big OS-vendor(Microsoft) CA.
Power users can disable Secure Boot from UEFI settings and knows it's risk, but not reasonable.
In other words, your homebrewed shim(first-stage UEFI bootloader) should be signed by Microsoft's UEFI CA.
To get Microsoft sign, you shall pass the shim review process, but it's not as easy as seems, and not quick.
In this talk, I will explain the following points:
- What is shim?
- Tools for Secure Boot
- Lack of review resource
- Why creating, forking, derivative a own new distribution is last resort
- Date:
- 2024 November 3 - 15:00
- Duration:
- 20 min
- Room:
- Room B
- Conference:
- openSUSE.Asia Summit 2024
- Language:
- English
- Track:
- Cross Distro
- Difficulty:
- Easy
- Developing an application for GNOME in Rust
- Start Time:
- 2024 November 3 15:00
- Room:
- Room A
- Carbon Footprint Reduction through Cycling: Strava API Approach
- Start Time:
- 2024 November 3 15:00
- Room:
- Room C