Re: [CentOS] Secure boot
I've filed bugs on the CentOS and Red Hat bug trackers. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Secure boot
On 09/17/2015 12:46 PM, Akemi Yagi wrote: I also suspect this is a grub2 issue. Perhaps, you may want to file a bug report [against grub2] at http://bugs.centos.org so that this can be followed properly. Yeah, I just figured out how to query the signature of the new and previous grub image. The new one is signed with "Red Hat Test Certificate" [root@vagrant ~]# pesign --show-signature --in /var/tmp/grub2-16/boot/efi/EFI/centos/grubx64.efi - certificate address is 0x7fb81b3cb808 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is Red Hat Inc. No signer email address. Signing time: Thu Mar 26, 2015 There were certs or crls included. - [root@vagrant ~]# pesign --show-signature --in /var/tmp/grub2-17/boot/efi/EFI/centos/grubx64.efi - certificate address is 0x7fde869bd808 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is Red Hat Test Certificate No signer email address. Signing time: Tue Sep 15, 2015 There were certs or crls included. - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Secure boot
On Wed, Sep 16, 2015 at 4:09 PM, Gordon Messmer wrote: > After updates to grub2 and kernel in CentOS 7, today, systems will no longer > boot in Secure Boot mode. I'm not positive, but I think grub2 is the > culprit. I also suspect this is a grub2 issue. Perhaps, you may want to file a bug report [against grub2] at http://bugs.centos.org so that this can be followed properly. Akemi ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Secure boot
After updates to grub2 and kernel in CentOS 7, today, systems will no longer boot in Secure Boot mode. I'm not positive, but I think grub2 is the culprit. Is anyone else seeing the same problem? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] secure boot.
On 08/23/2012 06:56 AM, Dennis Jacobfeuerborn wrote: > On 08/23/2012 10:39 AM, John Doe wrote: >> From: Jimmy Bradley >>> I've been reading up some about the new "secure boot" that's >>> coming out on new machines when MS releases Win 8. Has a workaround been >>> developed yet for those of us who don't want to run windows? Typically, >>> I mostly build my own desktops, and I install cent os right from the >>> start, but sometimes I do buy a desktop, and naturally it comes with >>> windows on it, so I have to do a wipe and load, to get rid of windows. >> >> First, the manufacturer can/should decide to let the user enable/disable >> secure boot in the bios... > > Actually at least for X86 hardware the Microsoft certification guidelines > *mandate* that the secure boot can be disabled. > > Regards, >Dennis > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > So I gather that MS plans to abandon the X86 platform and move over to supporting ARM. They think, "Let Linux have the X86. It will die after we abandon it leaving them with nothing to run on." The evil empire lives. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registerd Linux user No #267004 www.counter.li.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] secure boot.
On 08/23/2012 10:39 AM, John Doe wrote: > From: Jimmy Bradley >> I've been reading up some about the new "secure boot" that's >> coming out on new machines when MS releases Win 8. Has a workaround been >> developed yet for those of us who don't want to run windows? Typically, >> I mostly build my own desktops, and I install cent os right from the >> start, but sometimes I do buy a desktop, and naturally it comes with >> windows on it, so I have to do a wipe and load, to get rid of windows. > > First, the manufacturer can/should decide to let the user enable/disable > secure boot in the bios... Actually at least for X86 hardware the Microsoft certification guidelines *mandate* that the secure boot can be disabled. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] secure boot.
From: Jimmy Bradley > I've been reading up some about the new "secure boot" that's >coming out on new machines when MS releases Win 8. Has a workaround been >developed yet for those of us who don't want to run windows? Typically, >I mostly build my own desktops, and I install cent os right from the >start, but sometimes I do buy a desktop, and naturally it comes with >windows on it, so I have to do a wipe and load, to get rid of windows. First, the manufacturer can/should decide to let the user enable/disable secure boot in the bios... As for linux, from memory, different distributions chose different paths... I think RedHat will apparently buy a key from verisign and Canonical has decided to use their own key. I think they need to use non GPL boot loaders (to protect the key I guess), so no grub2... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] secure boot.
On 23 August 2012 05:51, Jimmy Bradley wrote: > I've been reading up some about the new "secure boot" that's > coming out on new machines when MS releases Win 8. Has a workaround been > developed yet for those of us who don't want to run windows? Typically, > I mostly build my own desktops, and I install cent os right from the > start, but sometimes I do buy a desktop, and naturally it comes with > windows on it, so I have to do a wipe and load, to get rid of windows. > On X86 you will be able to disable the secure boot so you can then install what you want - not such a big deal It's ARM (which is not currently supported of course) which is the questionable one... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] secure boot.
I've been reading up some about the new "secure boot" that's coming out on new machines when MS releases Win 8. Has a workaround been developed yet for those of us who don't want to run windows? Typically, I mostly build my own desktops, and I install cent os right from the start, but sometimes I do buy a desktop, and naturally it comes with windows on it, so I have to do a wipe and load, to get rid of windows. Jim ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
