[sf-lug] Fedora dealing with UEFI

Rick Moen rick at linuxmafia.com
Sat Jun 2 14:15:16 PDT 2012

Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

> Fedora Linux capitulates to Microsoft boot certificate

No.  That's simply wrong.

   A system in custom mode should allow you to delete all existing keys
   and replace them with your own. After that it's just a matter of
   re-signing the Fedora bootloader (like I said, we'll be providing
   tools and documentation for that) and you'll have a computer that will
   boot Fedora but which will refuse to boot any Microsoft code.


(You provided that link, but I'm guessing you didn't stop to read it.)

A machine with UEFI Secure Boot[1] enforced in the boot firmware is no
longer a general-purpose computer, and so you shouldn't purchase one
unless you're prepared to either deal with its enforcement mechanisms or
reflash your BIOS with something more tractible (such as Coreboot,
http://www.coreboot.org/).  'Dealing with its enforcement mechanisms'
can mean putting the BIOS into custom mode and loading it with your
_own_ code signatures, as Matthew Garrett mentions above.

[1] Your subject header notwithstanding, the problem is not UEFI itself,
but rather UEFI Secure Boot.

More information about the sf-lug mailing list