[arch-general] UEFI secure boot

Joe(theWordy)Philbrook jtwdyp at ttlc.net
Tue Jun 5 16:54:58 EDT 2012 

It would appear that on Jun 4, Alexandre Ferrando did say:

> On 4 June 2012 22:27, Sudaraka Wijesinghe <sudaraka.wijesinghe at gmail.com> wrote:
> > If this is a poll, I vote "Arch should require Secure Boot to be disabled"
> >
> > I choose a distro like Arch because it doesn't have a financial motive
> > and will not give into market pressures such as this.
> > If we want keep hardware vendors from forcing Secure Boot on us, we have
> > to send the message out that we don't want it. Paying a "small" price of
> > M$99 is not the way.
> >
> > However as free software users, we will have to endure some hard time in
> > the coming days when getting new hardware.
> >
> > Just my two cents.
> >
> > Sudaraka.
> >
> 
> I'd like to add something to what Sudaraka said:
> 
> Arch doesn't seems to have the same kind of user than fedora, Arch if
> I don't remember it wrong, tends to be aimed for a competent user.
> Such a competent user can disable secure boot in x86 devices. (ARM
> devices doesn't seem a problem to Arch because  we don't do ARM)

And to that it appears that on Jun 5, Lukáš Jirkovský did add:

> Assuming the Arch Users are competent, I'd rather let them add an Arch
> Linux key to UEFI without disabling Secure Boot. This way Arch would
> work with Secure Boot with added security of no one messing with
> bootloader in a harmful way.


Speaking as an Arch user who is just barely competent enough for Arch with
much dependence on google and Arch's most excellent wiki, I'd like to see
Arch continue to do what I see as one of it's strong points.

Yes it insists on it's users having a certain level of competence. But it
generally seems willing to include fairly detailed step by step tutorials
and guides in it's wiki, to help those with less (or outdated) technical
expertise become more competent.

So how about somebody who knows how to disable secure boot on x86 devices
post a good howto in the wiki (or if that would be reinventing the wheel, a
link to a good external guide.)?

And likewise, in case some Arch user should inadvertently acquire some PC
where somehow the firmware option to disable "Secure Boot" wasn't there. How
about somebody who knows how to add an "Arch key" to UEFI, posting a wiki
tutorial for that?

Speaking for myself, I know I wouldn't have a clue how to do either without
a good tutorial. And it's starting to sound like I'm going to have to know
how to do one or the other by the time I'm ready for new hardware...

My current desktop is from 2005, and it hasn't shown any signs of failing
{yet}... {{Please God let me find such a tutorial when it does fail...}}

-- 
|   ~^~   ~^~
|   <*>   <*>       Joe (theWordy) Philbrook
|       ^                J(tWdy)P
|     \___/         <<jtwdyp at ttlc.net>>

More information about the arch-general mailing list