Presented by:

tsu-root

from Cybertrust Japan Co., Ltd.

FOSS enthualist, Prefer to like use various GNU/Linux distribution for work pc and private.

No video of the event yet, sorry!

Slide: https://speakerdeck.com/htsurumoto/a-way-your-distro-to-support-secure-boot

In modern computing environment, if you build own linux kernel, or bootloader for your needs or your user's needs, these are not boot by default since security feature is there, the UEFI Secure Boot.
Secure Boot require that bootloaders are digital signed by each hardware vendor(Platform Key) or the one commonly used big OS-vendor(Microsoft) CA.
Power users can disable Secure Boot from UEFI settings and knows it's risk, but not reasonable.
In other words, your homebrewed shim(first-stage UEFI bootloader) should be signed by Microsoft's UEFI CA.

To get Microsoft sign, you shall pass the shim review process, but it's not as easy as seems, and not quick.

In this talk, I will explain the following points:

  • What is shim?
  • Tools for Secure Boot
  • Lack of review resource
  • Why creating, forking, derivative a own new distribution is last resort

Date:
2024 November 3 - 15:00
Duration:
20 min
Room:
Room B
Language:
English
Track:
Cross Distro
Difficulty:
Easy

Happening at the same time:

  1. Developing an application for GNOME in Rust
  2. Start Time:
    2024 November 3 15:00

    Room:
    Room A

  3. Carbon Footprint Reduction through Cycling: Strava API Approach
  4. Start Time:
    2024 November 3 15:00

    Room:
    Room C