Comments (4)
Okay sounds good that’s enough for me to dive in and give it a try. Happy to hear that It goes through its own entry and I was hoping to not have to share the private key to the windows system. If I learn anything interesting about the process I’ll report back here for others.
from arch-secure-boot.
Hello, glad you found this interesting!
I did have to install Windows as dual-boot a few times for some short experiments, always used UEFI method, Windows will just add its entry and that's it.
However you are right to suspect issues with Secure Boot - I dont know if it's possible to force Windows to use our own keypair, since I didn't need it for long I just disabled Secure Boot when I needed to boot into Windows.
Alternatively you should look into this approach: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_a_signed_boot_loader
I don't particularly like the approach, as earlier in that same wiki page they mention a downside when using manufacturer's key:
Default manufacturer/third party keys aren't in use, as they have been shown to weaken the security model of Secure Boot by a great margin[3]
But I guess it's better than disabling Secure Boot altogether :)
from arch-secure-boot.
@skbolton what did you learn? Did you find a working list of steps? best to install windows first? delete windows keys or use them?
from arch-secure-boot.
I never attempted as shortly after getting this system up and running I switched to nixos.
from arch-secure-boot.
Related Issues (15)
- Allow to set ucode HOT 1
- Suggestions and thank you ! HOT 11
- initial-setup failed with "cat: '/boot/*-ucode.img': No such file or directory" HOT 2
- Confusing name of LTS image when using hardened kernel HOT 4
- generate-efi : only sign what has been updated HOT 4
- Does this must require linux-lts? HOT 7
- systemd 254-1 makes generate-efi create a corrupt efi HOT 7
- generate-efi not triggered when arch-secure-boot is updated HOT 5
- What's your backup strategy ? HOT 4
- Pacman hook not triggered on kernel update HOT 3
- How to add nvidia-drm.modeset=1 HOT 19
- Does the tool support booting read-only snapshots in overlayfs mode? HOT 4
- Kernels/modules versions consistency to boot from snapshots and BTRFS subvolume layout HOT 4
- sbctl error: couldn't access /usr/share/secureboot/keys/db/db.pem: no such file or directory HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from arch-secure-boot.