| From: Peter King via talk <[email protected]> | On Mon, Jul 27, 2020 at 01:57:02PM -0400, D. Hugh Redelmeier via talk wrote:
| > Odd: googling seems to suggest that the only way to turn off SB on Asus | > boards is to delete the PK key. If you are going to do this, please save | > the key first in case you need to restore it. | ... I'll save the key | in several places just in case. The key is a Public Key. It isn't a secret. You can probably copy it from any modern PC in the universe, assuming it is formatted identically. So extreme care may not be needed. Typing it in would be painful. | I guess Arch Linux doesn't have any arrangment with Microsoft. As I understand it, Arch would only have to talk to Red Hat. My guess is that Arch would have to present a binary to be signed by RH, and then shim.efi would be willing to load it. But the process is fairly rigid so as not to dilute the meaning of Secure Boot. So user-built kernels probably cannot be loaded. Nor can kernels with tainted drivers. You could add your own key to the firmware setup. Then you could sign your own kernels. I don't know of any individual being that fastidious. --- Post to this mailing list [email protected] Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
