On Tue, Oct 23, 2012 at 11:05 AM, Mark Hounschell
On 10/23/2012 10:52 AM, Greg Freemyer wrote:
On Tue, Oct 23, 2012 at 9:43 AM, Tony
wrote: With the upcoming UEFI and Secure Boot WIndows 8 etc....
UEFI Secure Boot is scheduled to be incorporated into opensuse 12.3 (Currently due in March 2013). It might be in factory before that if you critically have to have it.
The process is to manually disable Secure Boot in the bios, boot from opensuse CD. It will install a Secure Boot key/extension which will opensuse to boot.
Manually re-enable secure boot. The opensuse kernels should now be recognized and allow boot.
Greg
Does this mean we won't be able to run any kernels other than opensuse kernels?
Mark
Mark, Quick answer (that I expect most kernel hackers to use): The spec calls for x86 PCs to have a bios option to disable UEFI Secure Boot. With that disabled, you can do what you please. Long answer (which assumes Secure Boot is enabled): This is linux. The SUSE team is doing its very best to make sure you are still in control. Fortunately, they are also contributing their solution to openSUSE. Hopefully you know about private and public keys. Private keys are used to sign, public keys to authenticate. (You will not have access to the openSUSE private key, so you won't be able to sign kernels with it.) opensuse is developing an open/extensible solution that will leverage their private key by installing their public key into a Secure Boot key database. If you have a true need to sign your own kernels, then I assume you can get a copy of the extensible Secure Boot module that openSUSE is developing and use it to install your own public key to the secure boot key database. Then you will need to sign your kernels with your private key. I can see large enterprises wanting to implement a policy that only kernels signed by the enterprise can be used. From my understanding , the UEFI Secure Boot process combined with the SUSE extensions would allow that to be done. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org