You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Another thing that I wouldn't mind mentioning here is the use of sbctl. It makes managing secure boot with your own keys so much easier. Currently available on a variety of distributions.
I've been working on packaging this for Fedora. I have used it successfully on Archlinux that it works successfully.
Description
URL of affected page: https://www.privacyguides.org/linux-desktop/hardening/#secure-boot
We should probably elaborate there a little on Dynamic Kernel Module Support (DKMS) and Akmods and how to sign them.
These come up when using virtualization software, NVIDIA drivers etc.
While it's not great to sign kernel modules blindly, it's better than disabling secure boot.
The alternative is to use the shim and Machine Owner Key (MOK).
The text was updated successfully, but these errors were encountered: