Secure Boot
Secure Boot
We are new to secure boot. We are going to be using an AMI Bios on an Intel Atom processor that supports it. Once we enable it in the BIOS, is there a nice simple list of instructions that can tell us how to create keys and sign CentOS 7 for use?
Re: Secure Boot
You don't need to do anything. CentOS 7 installation .iso images are Secure Boot ready.
Re: Secure Boot
CentOS already has signed boot code.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Secure Boot
But don't you need to create your own keys to be used in the BIOS and in signing.
Re: Secure Boot
No, the booting bits in CentOS are signed by a Microsoft key, and that key is likely already included in your firmware.
(Microsoft? Huh?)
(Microsoft? Huh?)
Re: Secure Boot
Unfortunately, our customer's requirements are they shall provide the keys.
Re: Secure Boot
Then you would need to re-sign shim, grub2 and kernel with the customer's key, create new installation .iso images and install the customer's key into each and every device you plan to use. Way too complicated, and for zero benefit. And unsupported on this forum.
Re: Secure Boot
it shouldn't be too bad. we would be loading the keys into the BIOS. and when deploying the OS, we will be making a clone of the original hard drive and using that image for subsequent systems.
I don't think we plan on rebuilding the kernel, so can you sign a file that is already signed?
I don't think we plan on rebuilding the kernel, so can you sign a file that is already signed?