Switching to Secure Boot
From Rosalab Wiki
Revision as of 15:58, 23 December 2014 by CaptainFlint (Talk | contribs)
If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below.
- Update your system so that
grub2
andgrub2-efi
packages were of version 2.00-67 or higher. - Install
shim
or update it to the latest version (0.8-1 or higher) if it is already installed. - Make sure that you have EFI partition mounted at /boot/efi.
- Reinstall the bootloader (
/dev/sdXY
here is your EFI partition):
# grub2-efi-install /dev/sdXY
- Update the grub config files:
# update-grub2
Now you can reboot, go to the BIOS settings and switch Secure Boot on.
P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and when it is loaded, the Secure Boot services are exited from and can no longer provide protection from loading untrusted code.