Darin755
commented
3 years ago I have looked into setting up secure boot and have discovered that it is harder than it sounds. It should be easier when Slax 10 is released.
Closed Darin755 closed 2 years ago
Darin755
commented
3 years ago I have looked into setting up secure boot and have discovered that it is harder than it sounds. It should be easier when Slax 10 is released.
rrottmann
commented
3 years ago As Slax needs a customized kernel that needs to be signed in order to allow to boot from it, maybe a small, official Debian kernel could be used that boots a "trusted" stage where gpg signatures of the slax modules could be verified. Then kexec to Slax. This would use an already working secure boot environment and just extend it using gpg. Maybe the verification and the command to boot the next stage can be standardized so that this works universally?
Seems like https://www.rodsbooks.com/refind/installing.html#linux might also work. A boot manager handles then the secure boot and chainloads the configured bootloader. Config looks promising: https://www.rodsbooks.com/refind/configfile.html
seba1452021
commented
2 years ago Darin755
commented
2 years ago Closed old issue
Did not look into this, however I think that syslinux might not be a good choice for this. AFAIK, grub2 is the default option for Linux and secure boot.
https://wiki.debian.org/SecureBoot might be helpful.