Revision [29375]

This is an old revision of SecureBoot made by darkcity on 2013-10-26 08:34:42.

 

cn::de::es::fr::gr::hu::it::ja::kr::nl::pl::pt::ru::se::us::vn::

HomePage > ComponentHowTo Components and HowTos > InstallationIndex Install

Secure boot

Secure Boot is a "module" or "add - on" of UEFI. It was forced on the main board manufactures. It can be disabled, by going to the "advanced" tab of the BIOS, and doing two things, enable CSM and Legacy Op Rom.


If you want to run any version of you MAY have to use Secure Boot. No puppy variant has solved the issue of getting signed keys from Microsoft, in order for it bypass secure boot but this only applies to "CLASS 3" UEFI systems and is usually from "pre-built" or other wise "mass - produced" computer vendors. Otherwise, simply go into the UEFI BIOS and modifying settings as stated, should work, unless it's of the class 3 specification.

How can you tell the difference between class 1,2 and 3?
These Two links should give an answer :


while the last link is for a laptop, it should still at least give a pointer as I believe that the UEFI BIOS specifications are nearly the same.


Basically if you go into advanced settings and do not see any "Firmware options" (CSM, Op-rom, etc) in that Tab, then you got a "Class 3" UEFI BIOS Implementation.

Technical Details
The UEFI 2.2 specification adds a protocol known as Secure boot, which can secure the boot process by preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature. When secure boot is enabled, it is initially placed in "setup" mode, which allows a public key known as the "Platform key" (PK) to be written to the firmware. Once the key is written, secure boot enters "User" mode, where only drivers and loaders signed with the platform key can be loaded by the firmware. Additional "Key Exchange Keys" (KEK) can be added to a database stored in memory to allow other certificates to be used, but they must still have a connection to the private portion of the Platform key.[26] Secure boot can also be placed in "Custom" mode, where additional public keys can be added to the system that do not match the private key.[27]


Secure boot is supported by Windows 8, Windows Server 2012, and selected Linux distributions.

Also on the Wiki



Categories
CategoryInstallation
CategoryTutorial
There are no comments on this page.
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki