Wiki source for SecureBoot


Show raw source

{{include tonguessecureboot}}
[[HomePage]] > [[ComponentHowTo Components and HowTos]] > [[InstallationIndex Install]]

====Secure boot====
~**Secure Boot** is a "module" or "add - on" of [[UEFI]]. It was forced on the main board manufactures. It can be disabled, by going to the "advanced" tab of the BIOS, and doing two things, enable CSM and Legacy Op Rom.
---
~If you want to run any version of you MAY have to use Secure Boot. No puppy variant has solved the issue of getting signed keys from Microsoft, in order for it bypass secure boot but this only applies to "CLASS 3" UEFI systems and is usually from "pre-built" or other wise "mass - produced" computer vendors. Otherwise, simply go into the UEFI BIOS and modifying settings as stated, should work, unless it's of the class 3 specification.

==How can you tell the difference between class 1,2 and 3?==
~These Two links should give an answer :
~http://technet.microsoft.com/en-us/library/hh824987.aspx
~http://en.community.dell.com/support-forums/laptop/f/3518/t/19514372.aspx
---
~while the last link is for a laptop, it should still at least give a pointer as I believe that the UEFI BIOS specifications are nearly the same.
---
~Basically if you go into advanced settings and do not see any "Firmware options" (CSM, Op-rom, etc) in that Tab, then you got a "Class 3" UEFI BIOS Implementation.

==Technical Details==
~The UEFI 2.2 specification adds a protocol known as Secure boot, which can secure the boot process by preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature. When secure boot is enabled, it is initially placed in "setup" mode, which allows a public key known as the "Platform key" (PK) to be written to the firmware. Once the key is written, secure boot enters "User" mode, where only drivers and loaders signed with the platform key can be loaded by the firmware. Additional "Key Exchange Keys" (KEK) can be added to a database stored in memory to allow other certificates to be used, but they must still have a connection to the private portion of the Platform key.[26] Secure boot can also be placed in "Custom" mode, where additional public keys can be added to the system that do not match the private key.[27]
---
~Secure boot is supported by Windows 8, Windows Server 2012, and selected Linux distributions.

==Also on the Wiki==
~[[UEFI]]
~[[BIOS]]
~[[Fatdog]]

==Related Webpages==
~[[http://murga-linux.com/puppy/viewtopic.php?t=82821 Secure Boot bootloader for Linux thread]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?t=83402 Fatdog64 with UEFI support: Test build (31 December 2012) thread]]
~[[http://www.murga-linux.com/puppy/viewtopic.php?t=81460 Linux Foundation UEFI Secure Boot System for Open Source thread]]
~[[http://blog.hansenpartnership.com/linux-foundation-secure-boot-system-released/ Linux Foundation Secure Boot System Released]]
~[[https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot Secure boot (wikipedia)]]

----
==Categories==
CategoryInstallation
CategoryTutorial
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki