[CentOS] Boot failed on latest CentOS 7 update

Sun Aug 2 18:45:01 UTC 2020
Phil Perry <pperry at elrepo.org>

On 02/08/2020 16:26, Valeri Galtsev wrote:
> On the side note: it is Microsoft that signs one of Linux packages now. We seem to have made one more step away from “our” computers being _our computers_. Am I wrong?
> Valeri

Microsoft are the Certificate Authority for SecureBoot and most 
SB-enabled hardware (most x86 hardware) comes with a copy of the 
Microsoft key preinstalled allowing binaries that are signed by 
Microsoft to work. In the case of linux, that is the shim which becomes 
the root of trust to load everything else. If you are not happy with 
that you can always become your own certificate authority by generating 
your own keys, install your signing keys in the hardware's firmware (MOK 
list) and sign stuff yourself to use on your own machine(s).

However if you wish to distribute stuff to others and have it work 
seamlessly on hardware outside of your direct control and without the 
need for every user to import your CA SecureBoot signing key into the 
MOK list on every device, you would rely on Microsoft to sign SB related