SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Thanks for confirming that this is one area where computing has not much changed in ten years, allowing the original concerns to stand.
Ever considered that people who use Slackware like it because it does not always run with the pack? Or that they might happily do the work for themselves?
Thanks for confirming that this is one area where computing has not much changed in ten years, allowing the original concerns to stand.
Ever considered that people who use Slackware like it because it does not always run with the pack? Or that they might happily do the work for themselves?
About what running with the pack you talk?
We should be proud that Slackware is incapable to run in a brand new computer, where openSUSE, Ubuntu or Fedora will happily run?
I know that I repeat myself, but it's all about acceptance or artificial refusal of functioning on certain hardware, which certainly is quite capable to run Slackware otherwise.
And about what "people who use Slackware" you talk? Those one hundred die-hard (including me) who still hangs on this forum?
I will tell you something factual: 10 years ago I lived in a community of around 30 users of Slackware.
Today, from this community from past I am the single one who still use it. And this along with openSUSE and Ubuntu.
From what I seen, the people might NOT be so happy to do the work for themselves.
Last edited by LuckyCyborg; 07-29-2021 at 04:02 AM.
What you say, has noting to do with reality. It's just radicalism in a fantasy world.
In fact, Microsoft is just a Certificate Authority. One of them.
Because I seen computers with Ubuntu preinstalled, which have the Ubuntu certificate on motherboard.
And I heard that there are SUSE computers too.
Well, the reality is that you're free to use Fedora if you want secureboot control keys, which will enable you to stop whining about Slackware not having implemented a questionable function.
Sounds like you're more busy wanting "everyone to be the same", than promoting choice and freedom.
Well, the reality is that you're free to use Fedora if you want secureboot control keys
I don't think that Slackware users wanting secureboot is in question.
Slackware users just want to use Slackware.
If for using Slackware one needs secureboot, you have the following options:
Slackware secures (buys) keys from microsoft
User must jump through hoops to get their own keys recognized through shims and whatnot
Restrict your Slackware use to older hardware OR some OEM that decides to allow disabling secureboot
Change distros
Regardless, this will not be a "problem" in the immediate future.
Yes, we know it can be done, but the production and enrollment of keys for every kernel change is at best an inconvenience while at worst has potential for a bricked system.
It's not as bad as that! If you use shim, you create and enroll one MOK key. Then you use that key to sign each new kernel. I think you may also need to sign those modules that your kernel will be using. That's all. As sensible people always keep the previous kernel in place as a fallback, there's not much risk of bricking the system.
I don't think that Slackware users wanting secureboot is in question.
Slackware users just want to use Slackware.
If for using Slackware one needs secureboot, you have the following options:
Slackware secures (buys) keys from microsoft
User must jump through hoops to get their own keys recognized through shims and whatnot
Restrict your Slackware use to older hardware OR some OEM that decides to allow disabling secureboot
Change distros
Regardless, this will not be a "problem" in the immediate future.
My business class Lenovo V145 15AST laptop dares to differ...
I bought this somewhat expensive laptop for my elder son after entering on High School, it was shipped with Windows 10 Pro and my son installed on dual-boot also openSUSE. On all fairness, he tried first to install Slackware-current, with my help.
The surprise is that on this laptop the Secure Boot cannot be disabled and the Slackware installation effectively does not boot.
We can talk 100 pages about freedom and choices, fact is that Slackware is not compatible with my laptop, which I bought it brand-new around half a year ago.
Also, how my son needs the Windows for school, I do not want to mess with its UEFI BIOS.
And after looking around, looks like there lots of computers like it on sales - Secure Boot only.
PS. the attached image is for reference only, and as difference, my laptop has a Russian keyboard, but I do not think that matters for the discussion.
Last edited by LuckyCyborg; 07-29-2021 at 06:34 AM.
My business class Lenovo V145 15AST laptop dares to differ...
I bought this somewhat expensive laptop for my elder son after entering on High School, it was shipped with Windows 10 Pro and my son installed on dual-boot also openSUSE. On all fairness, he tried first to install Slackware-current, with my help.
The surprise is that on this laptop the Secure Boot cannot be disabled and the Slackware installation effectively does not boot.
So how does OpenSuse boot? Does it use shim and mokmanager, or has it installed its own alternative EFI key? Either way you should be able to sign your Slackware kernel in the same way.
So how does OpenSuse boot? Does it use shim and mokmanager, or has it installed its own alternative EFI key? Either way you should be able to sign your Slackware kernel in the same way.
When you first boot the openSUSE installation kit (an USB drive in my care) there's MokManager which ask you to import a certificate. After importing it, openSUSE never remind you regarding Secure Boot.
However, this openSUSE certificate is not the master one, from what I seen.
I tried in another box, which is Secure Boot aware, to play with making my own certificates and signing kernels.
BUT, you should replace on UEFI BIOS the master certificate with yours. At least this way I understand.
That's not an option for me, as I said that I must preserve Windows 10 on that computer.
Also, I do NOT want to replace the master certificate, because I know that some firmware from its devices may be signed with it, so I do not want to brick it. Yeah, you can brick your computer with custom certificates.
Anyway, my son is quite happy with openSUSE, and probably he will try also Slackware, if it ever will be compatible with his computer.
Last edited by LuckyCyborg; 07-29-2021 at 07:27 AM.
afaik, there are two ways of doing secure boot. The way you describe, replacing the master certificate with your own, is the most thorough and gives you complete control of your system, but as you say, it's quite dangerous and not compatible with running Windows on the same machine. The other way is to use shim, which is pre-signed with the Microsoft master key and uses one or more MOKs to identify allowed bootable software. That's what Suse does. You could use the openSuse key that you imported to sign the slackware kernel too. If you imported it via mokmanager, then it isn't a master key but a MOK key. The UEFI doesn't recognise those but shim does.
I for sure would like to be able to get secure boot to work out of the box on my next machine (or whatever machine I maintain for family or relatives).
My business class Lenovo V145 15AST laptop dares to differ...
Yes, but you didn't HAVE to buy that one, did you?
You could go with option 3
Quote:
Originally Posted by Slax-Dude
3. Restrict your Slackware use to older hardware OR some OEM that decides to allow disabling secureboot
What I mean is, for the immediate future you can still find recent hardware that WILL have the option to disable secureboot.
Eventually, though, I'm afraid your options will become more limited...
Yes, but you didn't HAVE to buy that one, did you?
In that day I had to buy a laptop for my son, because it was required at school.
Read: me going at the local computer shop and returning home with a laptop, no further alternatives available.
And this particular model looked the best compromise between the hardware performances and price.
When the alternatives on my price range was some netbooks driven by AMD E2-2500 and Intel Atoms, I apologize to not thinking about principles, choices and freedoms, but about getting the best hardware for the lowest price possible. Anyway I payed for it half of my monthly salary.
However, when the "freedoms" are shoved down on someone throat, I am afraid that they are not freedoms anymore.
Quote:
Originally Posted by Slax-Dude
What I mean is, for the immediate future you can still find recent hardware that WILL have the option to disable secureboot. Eventually, though, I'm afraid your options will become more limited...
Then, let's pay double for some old hardware, just because it will be compatible with a particular operating system?
Last edited by LuckyCyborg; 07-29-2021 at 08:56 AM.
Distribution: VM Host: Slackware-current, VM Guests: Artix, Venom, antiX, Gentoo, FreeBSD, OpenBSD, OpenIndiana
Posts: 1,011
Rep:
Quote:
Originally Posted by LuckyCyborg
My business class Lenovo V145 15AST laptop dares to differ...
I bought this somewhat expensive laptop for my elder son after entering on High School, it was shipped with Windows 10 Pro and my son installed on dual-boot also openSUSE. On all fairness, he tried first to install Slackware-current, with my help.
The surprise is that on this laptop the Secure Boot cannot be disabled and the Slackware installation effectively does not boot.
We can talk 100 pages about freedom and choices, fact is that Slackware is not compatible with my laptop, which I bought it brand-new around half a year ago.
Also, how my son needs the Windows for school, I do not want to mess with its UEFI BIOS.
And after looking around, looks like there lots of computers like it on sales - Secure Boot only.
PS. the attached image is for reference only, and as difference, my laptop has a Russian keyboard, but I do not think that matters for the discussion.
I have bought newer laptop (with TPM2) than yours https://www.linuxquestions.org/quest...rs-4175697971/ and I still have choice of selecting how I want to boot OS. So this is more or less a question of some research: I called company and asked about secure boot option. and I did pay less for similarly configured HP or Lenovo (Dell has comparable system with same price and also gives choice of selecting boot options).
If you do not have more options when buying hardware, this is not really OS problem.
My business class Lenovo V145 15AST laptop dares to differ...
I bought this somewhat expensive laptop for my elder son after entering on High School, it was shipped with Windows 10 Pro and my son installed on dual-boot also openSUSE. On all fairness, he tried first to install Slackware-current, with my help.
The surprise is that on this laptop the Secure Boot cannot be disabled and the Slackware installation effectively does not boot.
On this page (italian), the author didn't seem to had any issue to disable secure-boot to install Mint on this laptop :
Quote:
What I can say is that, after entering the bios and disabling the "secure boot" function, I have installed 64 bit linux mint 20 without difficulty, and everything works. I see no reason to install windows. For now I'm happy with the purchase.
Furthermore, I checked this on the BIOS simulator center and the option 'secure-boot' (in tab security) can be disabled :
Sure this is a simulator and this can be inaccurate...
Aside - Your story illustrates my point. Microsoft is leveraging it's power in the marketplace to force Linux users to jump through hoops that are not present for Windows users.
Windows 8 - Microsoft mandated that it be possible to disable Secure Boot on any Windows certified systems.
Windows 10 - Manufacturers able to enable UEFI Secure Boot without giving you a manual kill switch.
Windows 11 - Adds requirement for TPM version 2.
It is a deliberate frustration to make Windows seem easy and Linux look hard.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.