On Tuesday, August 15, 2017 at 9:23:14 PM UTC-4, Wim Vervoorn wrote:
> -----Original Message-----
> From: taii...@gmx.com [mailto:taii...@gmx.com]
> Sent: Tuesday, August 15, 2017 2:50 AM
> To: Wim Vervoorn <wvervo...@eltan.com>; qubes-users
> <qubes-users@googlegroups.com>
> Cc: raahe...@gmail.com
> Subject: Re: [qubes-users] UEFI secureboot issue
>
> Secure boot is a stupid Microsoft controlled project to eventually remove the
> ability for commercial PCs to run non-Windows operating systems.
>
> SB 1.0 specs mandate owner controlled (an option to shut it off), SB2.0
> doesn't and PCs built to that spec such as the Windows 10 ARM PCs and MS's
> "signature series" PCs prevent you from installing non-Microsoft operating
> systems.
>
> "Secure" boot is simply a marketing name for kernel code signing, you can
> easily do this with coreboot and a grub payload (grub supports kernel
> signing).
>
> SB doesn't stop viruses as that wasn't what it was designed to do, preventing
> rootkits from modding the kernel is irrelevant as you can simply change
> another critical system file of which there are many on Windows.
>
> Kernel code signing is only useful in an AEM context with an encrypted
> filesystem but unencrypted kernels.
>
> I myself have a variety of owner controlled fully libre firmware devices such
> as the KGPE-D16 and KCMA-D8 ASUS motherboards, those two are the only ones
> that offer full libre functionality along with high performance - they also
> run Qubes great - having 32 cores and 128GB RAM is excellent for it.
> Please note these are the only owner controlled devices that support
> v4.0 (Purism isn't owner controlled and their firmware isn't and can't ever
> be open source). Another neat feature is an addon user configurable CRTM TPM
> module (very rare).
>
> As always I offer free tech support for libre motherboards if you wish to buy
> one.
>
> **
>
> Hello,
>
> Basically I am not asking for some type of religious war on Secure Boot. All
> I am basically asking for is if the executables provided in the Qubes
> distribution are signed and if so which keys have been used.
>
> If they are not and we should sign them ourselves (either for grub or
> secureboot) this is good to know as well.
>
> Best regards,
>
> Wim Vervoorn

If you get it to work, I'm sure a lot of users would love a tutorial if you have the time.