
Install Guide vs. Secure Boot



Hopefully this is already changed in the Bullseye install guide, but if not, I
don't think I will learn how to make edits before Bullseye releases.

The Buster install guide says in Section 3.6.3 
https://www.debian.org/releases/stable/amd64/ch03s06.en.html#UEFI

   Another UEFI-related topic is the so-called “secure boot”
   mechanism.  Secure boot means a function of UEFI implementations that
   allows the firmware to only load and execute code that is
   cryptographically signed with certain keys and thereby blocking any
   (potentially malicious) boot code that is unsigned or signed with
   unknown keys.  In practice the only key accepted by default on most
   UEFI systems with secure boot is a key from Microsoft used for signing
   the Windows bootloader.  As the boot code used by debian-installer is not 
   signed by Microsoft, booting the installer requires prior deactivation of
   secure boot in case it is enabled.

My test on a recent weekly-build testing netinst seems to show that the above is
no longer correct -- it booted fine for me in UEFI/SecureBoot mode.  I thought I
remembered reading (somewhere) that all recent Debian installers (and live
systems??) can boot in legacy BIOS mode or UEFI mode with or without secure
boot.  
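
An added example, not part of the original message: one way to confirm from a shell on the booted system which of the three modes mentioned above (legacy BIOS, UEFI without Secure Boot, UEFI with Secure Boot) is in effect, by reading the firmware's `SecureBoot` and `SetupMode` variables through efivarfs. The function names and the optional directory argument are assumptions made for this sketch.

```shell
#!/bin/sh
# GUID of the UEFI global variable namespace; efivarfs names files <Name>-<GUID>.
GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efi_byte DIR NAME: print the first data byte of an efivarfs variable as decimal.
# An efivarfs file is a 4-byte attribute word followed by the variable's data.
efi_byte() {
    f="$1/$2-$GUID"
    [ -r "$f" ] || return 1
    od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n'
}

# boot_mode [FIRMWARE_DIR]: classify how the running system was booted.
# FIRMWARE_DIR defaults to /sys/firmware/efi; the argument exists so the
# function can be pointed at a constructed directory for testing.
boot_mode() {
    fw="${1:-/sys/firmware/efi}"
    # The kernel only creates this directory when it was started via UEFI.
    [ -d "$fw" ] || { echo bios; return 0; }
    sb=$(efi_byte "$fw/efivars" SecureBoot) || { echo uefi-unknown; return 0; }
    setup=$(efi_byte "$fw/efivars" SetupMode) || setup=0
    if [ "$sb" = 1 ]; then
        echo uefi-secureboot-enforcing   # signatures are being checked
    elif [ "$setup" = 1 ]; then
        echo uefi-setup-mode             # no platform key enrolled
    elif [ "$sb" = 0 ]; then
        echo uefi-secureboot-off         # keys enrolled, enforcement disabled
    else
        echo uefi-unknown                # variable present but unreadable or malformed
    fi
}

boot_mode
```

A result of `uefi-secureboot-enforcing` means the firmware verified the boot code it loaded; `uefi-unknown` usually means efivarfs is not mounted at `/sys/firmware/efi/efivars`.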

