Difference between revisions of "Switching to Secure Boot"

From Rosalab Wiki
Jump to: navigation, search
 
Line 12: Line 12:
  
 
P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and when it is loaded, the Secure Boot services are exited from and can no longer provide protection from loading untrusted code.
 
P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and when it is loaded, the Secure Boot services are exited from and can no longer provide protection from loading untrusted code.
 +
 +
[[en:Switching to Secure Boot]]
 +
[[ru:Включение Secure Boot]]

Latest revision as of 15:58, 23 December 2014

If you already have ROSA Desktop Fresh R4 or R5 installed in UEFI mode and want to turn Secure Boot mode on without reinstalling, please, follow the steps below.

  • Update your system so that grub2 and grub2-efi packages were of version 2.00-67 or higher.
  • Install shim or update it to the latest version (0.8-1 or higher) if it is already installed.
  • Make sure that you have EFI partition mounted at /boot/efi.
  • Reinstall the bootloader (/dev/sdXY here is your EFI partition):
# grub2-efi-install /dev/sdXY
  • Update the grub config files:
# update-grub2

Now you can reboot, go to the BIOS settings and switch Secure Boot on.

P.S. Please, note that even though ROSA boots in Secure Boot mode, it cannot be treated as trusted platform. The kernel is not signed, and when it is loaded, the Secure Boot services are exited from and can no longer provide protection from loading untrusted code.