Old 07-29-2021, 03:10 AM   #31
allend

Thanks for confirming that this is one area where computing has not much changed in ten years, allowing the original concerns to stand.
Ever considered that people who use Slackware like it because it does not always run with the pack? Or that they might happily do the work for themselves?
 
1 members found this post helpful.
Old 07-29-2021, 03:19 AM   #32
LuckyCyborg

Quote:
Originally Posted by allend
Thanks for confirming that this is one area where computing has not much changed in ten years, allowing the original concerns to stand.
Ever considered that people who use Slackware like it because it does not always run with the pack? Or that they might happily do the work for themselves?

What running with the pack are you talking about?

Should we be proud that Slackware is incapable of running on a brand new computer, where openSUSE, Ubuntu or Fedora will happily run?

I know that I repeat myself, but it's all about acceptance or artificial refusal of functioning on certain hardware, which certainly is quite capable of running Slackware otherwise.

And what "people who use Slackware" are you talking about? Those one hundred die-hards (including me) who still hang on this forum?

I will tell you something factual: 10 years ago I lived in a community of around 30 users of Slackware.

Today, from this community from the past, I am the single one who still uses it. And this along with openSUSE and Ubuntu.

From what I have seen, people might NOT be so happy to do the work for themselves.

Last edited by LuckyCyborg; 07-29-2021 at 04:02 AM.
 
Old 07-29-2021, 05:10 AM   #33
zeebra

Quote:
Originally Posted by LuckyCyborg
What you say has nothing to do with reality. It's just radicalism in a fantasy world.

In fact, Microsoft is just a Certificate Authority. One of them.

Because I have seen computers with Ubuntu preinstalled, which have the Ubuntu certificate on the motherboard.

And I heard that there are SUSE computers too.

Well, the reality is that you're free to use Fedora if you want secureboot control keys, which will enable you to stop whining about Slackware not having implemented a questionable function.

Sounds like you're more busy wanting "everyone to be the same", than promoting choice and freedom.
 
1 members found this post helpful.
Old 07-29-2021, 05:51 AM   #34
Slax-Dude

Quote:
Originally Posted by zeebra
Well, the reality is that you're free to use Fedora if you want secureboot control keys

I don't think that Slackware users wanting secureboot is in question.
Slackware users just want to use Slackware.
If for using Slackware one needs secureboot, you have the following options:
  1. Slackware secures (buys) keys from Microsoft
  2. User must jump through hoops to get their own keys recognized through shims and whatnot
  3. Restrict your Slackware use to older hardware OR some OEM that decides to allow disabling secureboot
  4. Change distros

Regardless, this will not be a "problem" in the immediate future.

Last edited by Slax-Dude; 07-29-2021 at 05:53 AM.
 
Old 07-29-2021, 05:52 AM   #35
hazel

Quote:
Originally Posted by allend
Yes, we know it can be done, but the production and enrollment of keys for every kernel change is at best an inconvenience while at worst has potential for a bricked system.

It's not as bad as that! If you use shim, you create and enroll one MOK key. Then you use that key to sign each new kernel. I think you may also need to sign those modules that your kernel will be using. That's all. As sensible people always keep the previous kernel in place as a fallback, there's not much risk of bricking the system.
 
Old 07-29-2021, 06:18 AM   #36
LuckyCyborg

Quote:
Originally Posted by Slax-Dude
I don't think that Slackware users wanting secureboot is in question.
Slackware users just want to use Slackware.
If for using Slackware one needs secureboot, you have the following options:
  1. Slackware secures (buys) keys from Microsoft
  2. User must jump through hoops to get their own keys recognized through shims and whatnot
  3. Restrict your Slackware use to older hardware OR some OEM that decides to allow disabling secureboot
  4. Change distros

Regardless, this will not be a "problem" in the immediate future.

My business class Lenovo V145 15AST laptop dares to differ...

I bought this somewhat expensive laptop for my elder son after he entered high school. It was shipped with Windows 10 Pro, and my son also installed openSUSE in dual-boot. In all fairness, he first tried to install Slackware-current, with my help.

The surprise is that on this laptop the Secure Boot cannot be disabled and the Slackware installation effectively does not boot.

We can talk 100 pages about freedom and choices, the fact is that Slackware is not compatible with my laptop, which I bought brand-new around half a year ago.

Also, as my son needs Windows for school, I do not want to mess with its UEFI BIOS.

And after looking around, it looks like there are lots of computers like it on sale - Secure Boot only.

PS. The attached image is for reference only, and as a difference, my laptop has a Russian keyboard, but I do not think that matters for the discussion.

[Attached image: Lenovo_V145_15AST.jpg]

Last edited by LuckyCyborg; 07-29-2021 at 06:34 AM.
 
Old 07-29-2021, 06:35 AM   #37
hazel

Quote:
Originally Posted by LuckyCyborg
My business class Lenovo V145 15AST laptop dares to differ...

I bought this somewhat expensive laptop for my elder son after he entered high school. It was shipped with Windows 10 Pro, and my son also installed openSUSE in dual-boot. In all fairness, he first tried to install Slackware-current, with my help.

The surprise is that on this laptop the Secure Boot cannot be disabled and the Slackware installation effectively does not boot.

So how does OpenSuse boot? Does it use shim and mokmanager, or has it installed its own alternative EFI key? Either way you should be able to sign your Slackware kernel in the same way.
 
Old 07-29-2021, 06:44 AM   #38
LuckyCyborg

Quote:
Originally Posted by hazel
So how does OpenSuse boot? Does it use shim and mokmanager, or has it installed its own alternative EFI key? Either way you should be able to sign your Slackware kernel in the same way.

When you first boot the openSUSE installation kit (a USB drive in my case) there's MokManager, which asks you to import a certificate. After importing it, openSUSE never reminds you regarding Secure Boot.

However, this openSUSE certificate is not the master one, from what I have seen.

I tried in another box, which is Secure Boot aware, to play with making my own certificates and signing kernels.

BUT, you should replace the master certificate in the UEFI BIOS with yours. At least that is how I understand it.

That's not an option for me, as I said that I must preserve Windows 10 on that computer.

Also, I do NOT want to replace the master certificate, because I know that some firmware from its devices may be signed with it, so I do not want to brick it. Yeah, you can brick your computer with custom certificates.

Anyway, my son is quite happy with openSUSE, and he will probably also try Slackware, if it is ever compatible with his computer.

Last edited by LuckyCyborg; 07-29-2021 at 07:27 AM.
 
Old 07-29-2021, 07:16 AM   #39
hazel

afaik, there are two ways of doing secure boot. The way you describe, replacing the master certificate with your own, is the most thorough and gives you complete control of your system, but as you say, it's quite dangerous and not compatible with running Windows on the same machine. The other way is to use shim, which is pre-signed with the Microsoft master key and uses one or more MOKs to identify allowed bootable software. That's what Suse does. You could use the openSuse key that you imported to sign the slackware kernel too. If you imported it via mokmanager, then it isn't a master key but a MOK key. The UEFI doesn't recognise those but shim does.
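
The shim/MOK route described in posts #35 and #39, as an added example that is not part of any post in this thread. It assumes openssl, mokutil and sbsigntools (sbsign, sbverify) are installed; the directory, certificate name and file names are placeholders, and module signing is not covered.

```shell
#!/bin/sh
# Added example: create one MOK, enroll it once, then sign each new kernel.
# MOK_DIR, MOK_CN and the file names are assumptions, not from the thread.
MOK_DIR=${MOK_DIR:-/root/mok}
MOK_CN=${MOK_CN:-Local Slackware MOK}

# One time: self-signed key pair. sbsign takes the PEM cert, mokutil the DER one.
make_mok() (
    umask 077                                   # private key: owner only
    mkdir -p "$MOK_DIR" && cd "$MOK_DIR" || exit 1
    # Refuse to overwrite: a new key would orphan every kernel already signed.
    [ -e MOK.key ] && { echo "MOK.key already exists" >&2; exit 1; }
    openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=$MOK_CN/" -keyout MOK.key -out MOK.crt &&
    openssl x509 -in MOK.crt -outform DER -out MOK.cer
)

# One time: queue the cert for enrollment. mokutil asks for a password that
# MokManager requests again on the next reboot, before shim trusts the key.
enroll_mok() {
    mokutil --import "$MOK_DIR/MOK.cer"
}

# Per kernel: write a signed copy, verify it against the MOK cert, and leave
# the original image (and the previous kernel) in place as a fallback.
sign_kernel() {
    sbsign --key "$MOK_DIR/MOK.key" --cert "$MOK_DIR/MOK.crt" \
           --output "$1.signed" "$1" &&
    sbverify --cert "$MOK_DIR/MOK.crt" "$1.signed"
}

case ${1:-} in
    make)   make_mok ;;
    enroll) enroll_mok ;;
    sign)   sign_kernel "${2:?kernel image path required}" ;;
    "")     : ;;                                # no argument: define functions only
    *)      echo "usage: $0 make|enroll|sign <kernel>" >&2; exit 2 ;;
esac
```

Run `make` and `enroll` once as root, reboot to confirm the key in MokManager, then run `sign` on each new kernel and point the boot entry at the `.signed` copy.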
 
Old 07-29-2021, 07:25 AM   #40
Tonus

I for sure would like to be able to get secure boot to work out of the box on my next machine (or whatever machine I maintain for family or relatives).

Hope our BDFL will have that ready for 15 or 15.1
 
1 members found this post helpful.
Old 07-29-2021, 08:23 AM   #41
Slax-Dude

Quote:
Originally Posted by LuckyCyborg
My business class Lenovo V145 15AST laptop dares to differ...

Yes, but you didn't HAVE to buy that one, did you?
You could go with option 3
Quote:
Originally Posted by Slax-Dude
3. Restrict your Slackware use to older hardware OR some OEM that decides to allow disabling secureboot
What I mean is, for the immediate future you can still find recent hardware that WILL have the option to disable secureboot.
Eventually, though, I'm afraid your options will become more limited...
 
Old 07-29-2021, 08:48 AM   #42
LuckyCyborg

Quote:
Originally Posted by Slax-Dude
Yes, but you didn't HAVE to buy that one, did you?

That day I had to buy a laptop for my son, because it was required at school.

Read: me going to the local computer shop and returning home with a laptop, no further alternatives available.

And this particular model looked like the best compromise between hardware performance and price.

When the alternatives in my price range were some netbooks driven by AMD E2-2500 and Intel Atoms, I apologize for not thinking about principles, choices and freedoms, but about getting the best hardware for the lowest price possible. Anyway, I paid half of my monthly salary for it.

However, when the "freedoms" are shoved down someone's throat, I am afraid that they are not freedoms anymore.

Quote:
Originally Posted by Slax-Dude
What I mean is, for the immediate future you can still find recent hardware that WILL have the option to disable secureboot. Eventually, though, I'm afraid your options will become more limited...

Then, let's pay double for some old hardware, just because it will be compatible with a particular operating system?

Last edited by LuckyCyborg; 07-29-2021 at 08:56 AM.
 
Old 07-29-2021, 08:52 AM   #43
Aeterna

Quote:
Originally Posted by LuckyCyborg
My business class Lenovo V145 15AST laptop dares to differ...

I bought this somewhat expensive laptop for my elder son after he entered high school. It was shipped with Windows 10 Pro, and my son also installed openSUSE in dual-boot. In all fairness, he first tried to install Slackware-current, with my help.

The surprise is that on this laptop the Secure Boot cannot be disabled and the Slackware installation effectively does not boot.

We can talk 100 pages about freedom and choices, the fact is that Slackware is not compatible with my laptop, which I bought brand-new around half a year ago.

Also, as my son needs Windows for school, I do not want to mess with its UEFI BIOS.

And after looking around, it looks like there are lots of computers like it on sale - Secure Boot only.

PS. The attached image is for reference only, and as a difference, my laptop has a Russian keyboard, but I do not think that matters for the discussion.

I have bought a newer laptop (with TPM2) than yours https://www.linuxquestions.org/quest...rs-4175697971/ and I still have the choice of selecting how I want to boot the OS. So this is more or less a question of some research: I called the company and asked about the secure boot option, and I did pay less for a similarly configured HP or Lenovo (Dell has a comparable system with the same price and also gives the choice of selecting boot options).

If you do not have more options when buying hardware, this is not really an OS problem.

Last edited by Aeterna; 07-29-2021 at 09:06 AM.
 
1 members found this post helpful.
Old 07-29-2021, 08:59 AM   #44
phenixia2003

Hello,

Quote:
Originally Posted by LuckyCyborg
My business class Lenovo V145 15AST laptop dares to differ...

I bought this somewhat expensive laptop for my elder son after he entered high school. It was shipped with Windows 10 Pro, and my son also installed openSUSE in dual-boot. In all fairness, he first tried to install Slackware-current, with my help.

The surprise is that on this laptop the Secure Boot cannot be disabled and the Slackware installation effectively does not boot.

On this page (Italian), the author didn't seem to have any issue disabling secure-boot to install Mint on this laptop:
Quote:
What I can say is that, after entering the bios and disabling the "secure boot" function, I have installed 64 bit linux mint 20 without difficulty, and everything works. I see no reason to install windows. For now I'm happy with the purchase.

Furthermore, I checked this on the BIOS simulator center and the option 'secure-boot' (in tab security) can be disabled:

[Attached image: bios.png]

Sure this is a simulator and this can be inaccurate...



--
SeB
 
Old 07-29-2021, 09:02 AM   #45
allend

Quote:
The surprise is that on this laptop the Secure Boot cannot be disabled and the Slackware installation effectively does not boot.
Does this work?

Aside - Your story illustrates my point. Microsoft is leveraging its power in the marketplace to force Linux users to jump through hoops that are not present for Windows users.
Windows 8 - Microsoft mandated that it be possible to disable Secure Boot on any Windows certified systems.
Windows 10 - Manufacturers able to enable UEFI Secure Boot without giving you a manual kill switch.
Windows 11 - Adds requirement for TPM version 2.

It is a deliberate frustration to make Windows seem easy and Linux look hard.
 
2 members found this post helpful.
  

