[CentOS-devel] testing SecureBoot

Sun Jun 22 21:48:11 UTC 2014
Anssi Johansson <centos at miuku.net>

21.6.2014 3:44, Karanbir Singh kirjoitti:
> Please test secureboot widely, its something new, its something we are
> doing differently than most of the other distro's out there at the
> moment ( but they will mostly all be doing it like this soon ).

I'm currently testing this boot.iso from the secureboot directory:
362807296 Jun 21 00:59 /tmp/boot.iso

My only secure boot capable computer is a lowly Acer Aspire XC-105 
desktop computer. The settings are currently set like this:

System Boot State: User
Secure Boot Mode State: Enabled
Secure Boot: [Enabled]
Secure Boot Mode: [Standard]
Default Key Provisioning: [Enabled]

When I enter the boot menu with F12 and select my USB stick, I get a 
nasty "Invalid signature detected. Check Secure Boot Policy in Setup". 
RHEL7rc1 doesn't boot with these settings either. Disabling Secure Boot 
lets me boot from the USB stick, and the media check passes. Please advice.

I also made test installs in UEFI mode on two non-secure boot capable 
systems from that media as a sanity check. The systems were a VirtualBox 
VM and a Dell R320. These installs worked fine, but as mentioned, 
without secure boot.