SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
And, though I have yet to test this, could this be useful for Slackware on some level to work with SecureBoot, especially with the upcoming Windows 11 requirements and Dual-Booting scenarios?
It looks, though vaguely, it requires a few additional packages.
Most importantly though, could it be scripted for post-install procedures from the Installation Media?
I could see where it would be beneficial for a corporate environment. (or for those who dual-boot.)
My brother-in-law works at a huge computer shop on Beijing.
Out of curiosity, one month ago I asked him to verify the ability to disable Secure Boot on the computers they sell as brand new.
From what he said, 75% of laptops on sale as brand new has no ability to disable Secure Boot.
If Mr. Volkerding intends after 5 years of development to release a Slackware 15.0 which is not compatible with 75% of today sold laptops, is his call.
But with all respect, I think this will be shooting himself on the leg.
Last edited by ZhaoLin1457; 07-17-2021 at 05:47 PM.
^ For such a machine, you can use a self signed key as mentioned in the article in the OP.
I will never buy any computer hardware which is locked to Microsoft. Never.
It's not so much as it's locking it to Microsoft. It's the OEM not recognizing the need of Dual-Booting or an OS replacement since most laptops are generally used in different scenarios than a desktop. Even then, finding this article means that it wouldn't be locked anyway. You would still have the SecureBoot capabilities and ability to generate a certificate.
It's not so much as it's locking it to Microsoft. It's the OEM not recognizing the need of Dual-Booting or an OS replacement since most laptops are generally used in different scenarios than a desktop. Even then, finding this article means that it wouldn't be locked anyway. You would still have the SecureBoot capabilities and ability to generate a certificate.
Imagine John Doe who bought 6 months ago a cool and cheap Windows laptop, who decides to try Linux. He as zero experience with Linux, but he heard about it and wants to try it.
How he read that Slackware is the probably the best, he download the Slackware 15.0 iso and Rufus. Then makes an USB stick and tries to boot it and fails, because there is no Secure Boot support.
He tries further and finds out the LiveSlak, so he download it and prepare an USB stick with Rufus. Tries to boot it and fails, because there is no Secure Boot support.
What suggestions you can offer to this guy for installing Slackware for first time?
Yeah, looks like the Slackware Team does NOT want new users...
Last edited by LuckyCyborg; 07-17-2021 at 08:41 PM.
The issue will be up to Patrick, but people will have to say it's needed enough. This wouldn't be a bad thing though, and it would guarantee Slackware some flexibility to newer systems, but again, this is Patrick's decision. However, in past cases where something was needed to ensure operability, it generally gets added anyway. I would suggest we move this to the Slackware 15.0 post to request it there.
After reading that Debian Wiki, seem like a lot of effort just to get your machine to boot especially if you are using and initrd and upgrading kernels frequently (like with -current).
At this point I am glad I don't have to worry about it yet.
After reading that Debian Wiki, seem like a lot of effort just to get your machine to boot especially if you are using and initrd and upgrading kernels frequently (like with -current).
At this point I am glad I don't have to worry about it yet.
True enough. Although, with proper scripting, even a script created to handle eLILO, SysLinux, or Grub would be able to automate the process, as would a kernel post-install scripts for the package.
As long as it can be scripted, even with an nCurses prompt, it can work. That's the important part.
I guess my approval (not that it matters for the distro in any way) would be based on whether or not the shim could be not used for those who turn SecureBoot off or don't dual boot. Like if it's an all or nothing sort of thing, I'm not sure how to feel about it.
I guess my approval (not that it matters for the distro in any way) would be based on whether or not the shim could be not used for those who turn SecureBoot off or don't dual boot. Like if it's an all or nothing sort of thing, I'm not sure how to feel about it.
If anything, if it's disabled in the BIOS, it shouldn't matter if it's used or not. The cert would still be there, but the system wouldn't be in enforcement mode.
Example: Certain older versions of Windows 10 wouldn't sign the kernel if it was disabled, and if you enabled SecureBoot, the system wouldn't function. All modern versions of Windows 10 now sign the kernels anyway regardless if SecureBoot is enabled or disabled. At least as far as 21H2, I've seen it's signed because every time I have updated my BIOS, by default it's not enabled, but when re-enabled, it still boots.
And how you try this WHEN you have Windows 10 on computer and a non Secure Boot aware Slackware or LiveSlak ISO?
Those ISOs themselves should be Secure Boot aware to have a chance to boot them and install Slackware on a computer where is not possible to disable Secure Boot.
Last edited by LuckyCyborg; 07-19-2021 at 02:35 PM.
And how you try this WHEN you have Windows 10 on computer and a non Secure Boot aware Slackware or LiveSlak ISO?
Those ISOs themselves should be Secure Boot aware to have a chance to boot them and install Slackware on a computer where is not possible to disable Secure Boot.
Exactly. The idea is to have SecureBoot ready kernels enabled by default, ready to deploy for systems that have SecureBoot as required and unable to be turned off, and have a script and toolset able to sign an installed/updated kernel, post-install.
This is to ensure interoperability with any system, even those that still have SecureBoot optional. Eventually, SecureBoot is going to be a norm sadly, so best to prevent a problem before it becomes a problem.
And how you try this WHEN you have Windows 10 on computer and a non Secure Boot aware Slackware or LiveSlak ISO?
Those ISOs themselves should be Secure Boot aware to have a chance to boot them and install Slackware on a computer where is not possible to disable Secure Boot.
But you know the only way for this ISO to work with the default UEFI keys is signing the ISO files by MS?
Good luck with this!
AFAIK if You want Secure Boot with any Linux distribution, then You must have hardware with UEFI BIOS which is capable to add Your own keys.
Apparently some manufacturers add Ubuntu keys.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Slackware and SecureBoot
