It's 2024 and #Linux installers still ask for disabling #SecureBoot and #Bitlocker.
-
It's 2024 and #Linux installers still ask for disabling #SecureBoot and #Bitlocker.
Bad news everyone: Only doing the easy 80% is not enough if Linux shall ever become a #mainstream OS.
-
Sven Geggusreplied to Mathias Hasselmann last edited by
@taschenorakel Granted, that support in Installers could be better but this works well enough in the Meantime (Debian 12 here):
~/ > mokutil --sb-state
SecureBoot enabled
~/ > df /
Dateisystem Größe Benutzt Verf. Verw% Eingehängt auf
/dev/mapper/luks-706e6969-bfe6-4f95-a283-7d2fc64654f3 952G 135G 818G 15% / -
Mathias Hasselmannreplied to Sven Geggus last edited by
@giggls That's exactly my complaint: The nuts and bolts are all there. Grub, Linux and all the like work perfectly fine with Secure Boot and Bitlocker.
It's just once again this damn "The easy 80% are working, I am done" attitude, that makes Linux unneccesary inaccessible and complicated for non-geeks.
Non-technical people will just destroy their existing installations because of this careless lazyness.
-
Morten Linderudreplied to Mathias Hasselmann last edited by
That's not really how it works. You need to have a signing enclave setup to actually get a signed shim sorted for the distro boot chain.
This is what enables you to provide signed kernel modules and have a trust pivot from the secure boot keys to the MOK.
It is far from easy, and not really trivial either.
-
Mathias Hasselmannreplied to Morten Linderud last edited by
@Foxboron Exactly, you almost got it: "It is far from easy, and not really trivial either."
What I don't get: Why do you believe that the non-expert mainstream user should work out these seriously complex issues? Even more if the people able of doing Linux installers kind of know these things by hearth?
-
Morten Linderudreplied to Mathias Hasselmann last edited by
You missed the perspective I'm talking from, which is the Linux distros themselves.
