Difference between revisions of "Switching to Secure Boot"
From Rosalab Wiki
CaptainFlint (Talk | contribs) (Created page with "If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below. * Update you...") |
CaptainFlint (Talk | contribs) |
||
Line 1: | Line 1: | ||
If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below. | If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below. | ||
− | * Update your system so that <code>grub2</code> | + | * Update your system so that <code>grub2</code> and <code>grub2-efi</code> packages were of version 2.00-67 or higher. |
* Install <code>shim</code> or update it to the latest version (0.8-1 or higher) if it is already installed. | * Install <code>shim</code> or update it to the latest version (0.8-1 or higher) if it is already installed. | ||
* Make sure that you have EFI partition mounted at /boot/efi. | * Make sure that you have EFI partition mounted at /boot/efi. | ||
Line 11: | Line 11: | ||
Now you can reboot, go to the BIOS settings and switch Secure Boot on. | Now you can reboot, go to the BIOS settings and switch Secure Boot on. | ||
− | P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and | + | P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and when it is loaded, the Secure Boot services are exited from and can no longer provide protection from loading untrusted code. |
Revision as of 22:30, 22 December 2014
If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below.
- Update your system so that
grub2
andgrub2-efi
packages were of version 2.00-67 or higher. - Install
shim
or update it to the latest version (0.8-1 or higher) if it is already installed. - Make sure that you have EFI partition mounted at /boot/efi.
- Reinstall the bootloader (
/dev/sdXY
here is your EFI partition):
# grub2-efi-install /dev/sdXY
- Update the grub config files:
# update-grub2
Now you can reboot, go to the BIOS settings and switch Secure Boot on.
P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and when it is loaded, the Secure Boot services are exited from and can no longer provide protection from loading untrusted code.