Difference between revisions of "Switching to Secure Boot"

From Rosalab Wiki
Jump to: navigation, search
(Created page with "If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below. * Update you...")
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below.
 
If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below.
  
* Update your system so that <code>grub2</code> anf <code>grub2-efi</code> packages were of version 2.00-67 or higher.
+
* Update your system so that <code>grub2</code> and <code>grub2-efi</code> packages were of version 2.00-67 or higher.
 
* Install <code>shim</code> or update it to the latest version (0.8-1 or higher) if it is already installed.
 
* Install <code>shim</code> or update it to the latest version (0.8-1 or higher) if it is already installed.
 
* Make sure that you have EFI partition mounted at /boot/efi.
 
* Make sure that you have EFI partition mounted at /boot/efi.
Line 11: Line 11:
 
Now you can reboot, go to the BIOS settings and switch Secure Boot on.
 
Now you can reboot, go to the BIOS settings and switch Secure Boot on.
  
P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and therefore Secure Boot is exited when kernel is being loaded.
+
P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and when it is loaded, the Secure Boot services are exited from and can no longer provide protection from loading untrusted code.
 +
 
 +
[[en:Switching to Secure Boot]]
 +
[[ru:Включение Secure Boot]]

Latest revision as of 15:58, 23 December 2014

If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below.

  • Update your system so that grub2 and grub2-efi packages were of version 2.00-67 or higher.
  • Install shim or update it to the latest version (0.8-1 or higher) if it is already installed.
  • Make sure that you have EFI partition mounted at /boot/efi.
  • Reinstall the bootloader (/dev/sdXY here is your EFI partition):
# grub2-efi-install /dev/sdXY
  • Update the grub config files:
# update-grub2

Now you can reboot, go to the BIOS settings and switch Secure Boot on.

P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and when it is loaded, the Secure Boot services are exited from and can no longer provide protection from loading untrusted code.