Jeffrey Walton wrote:
>> * SecureBoot should be turned off if using tainted kernel drivers. Or,
>> you can cutover to driver signing. I usually turn off SecureBoot
>> because I don't like messing around with driver signing. In my case,
>> it usually is due to VirtualBox, not NVIDIA.

Stephen Morris:
> As my system is a tri-boot between Windows 11, Fedora 39 and Ubuntu 
> 22.04, and Windows doesn't seem to work properly with UEFI disabled, 
> I've gone down the path of signing the nvidia drivers under Fedora and 
> Ubuntu, using separate passwords as I found using the same password 
> causes things to not work properly.
> 

UEFI is a hardware interface (simplifying that description quite a lot)
between the PC's hardware, firmware, and the OS before it boots, and
the control screens it gives you for you to configure things.  It's an
update on the similar, but more primitive, thing done with the old
BIOS.

Secure boot is a *separate* thing (though probably only exists on
systems with UEFI).  It's to do with only booting up from signed
binaries (to verify that only authentic things can run, blocking any
fake things that have snuck in).

A problem with Secure Boot is that there are real and genuine things
you may want to use that are not signed (such as some graphics card
drivers).  One solution to that is to sign them yourself, with a
signature that you let things know that *you* trust.

("Signed" in these contexts is to do with cryptographic keys.)

Though again, it could be that Windows won't boot without secure boot
options set, not UEFI being disabled (not that I've seen a motherboard
where you could disable UEFI and go back to BIOS).  That and the TPM
hardware that's touted as being more fantastic than it really is.

As a home user you may feel that this security is kinda pointless, as
no-one else is going to touch your PC and sneak things in.  And
anything nasty that does get in is going to get in by your own
behaviour doing unwise things, for which you're going to ignore and
disable any warnings not to do it.  To that degree, that's true.  And
the same can be said about AntiVirus, SELinux, file permissions and
ownership.  But where such security features can help, is when you
start to do something unwise without realising it, it blocks you, and
you properly investigate the reasons.

-- 
 
uname -rsvp
Linux 3.10.0-1160.102.1.el7.x86_64 #1 SMP Tue Oct 17 15:42:21 UTC 2023 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
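
An added example, not part of the original e-mail: a shell check for whether a kernel module file (such as a self-signed graphics driver) carries an appended signature, which is what a Secure Boot system expects before loading it. The function names and any module paths passed on the command line are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original e-mail.
# A signed kernel module ends with this marker (27 characters plus a
# newline, 28 bytes), written after the signature data.
MODSIG_MAGIC='~Module signature appended~'

# Print the last 28 bytes of a module file, decompressing it first when
# the distribution ships modules compressed (.ko.xz, .ko.zst, .ko.gz).
module_tail() {
    case "$1" in
        *.xz)  xz -dc -- "$1" ;;
        *.zst) zstd -dc -- "$1" ;;
        *.gz)  gzip -dc -- "$1" ;;
        *)     cat -- "$1" ;;
    esac | tail -c 28 | tr -d '\000'   # drop NULs so the shell can compare
}

# Return 0 if a signature is appended, 1 if not, 2 if the file is unreadable.
module_is_signed() {
    [ -r "$1" ] || return 2
    [ "$(module_tail "$1")" = "$MODSIG_MAGIC" ]
}

# Print a one-word status for a module file.
module_sig_status() {
    if module_is_signed "$1"; then
        echo "signed"
    elif [ -r "$1" ]; then
        echo "unsigned"
    else
        echo "unreadable"
    fi
}

# Stand-alone use: pass module paths as arguments.
if [ "$#" -gt 0 ]; then
    # mokutil, when installed, reports whether Secure Boot is enabled.
    if command -v mokutil >/dev/null 2>&1; then
        mokutil --sb-state || true
    fi
    for m in "$@"; do
        printf '%s: %s\n' "$m" "$(module_sig_status "$m")"
    done
fi
```

The marker only shows that a signature is present; whether the kernel trusts the key behind it is decided at load time, and `modinfo -F signer` on the module shows whose key was used.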
 