Channel: Debian User Forums

Installation • How to configure linux for secure boot

Hello,
Once we have installed Debian or Linux on our machines with Secure boot off, is there a way to turn secure boot on? [..]
It depends.

Enabling secure boot in the BIOS/Firmware is easy, but the operating system must already be properly installed on the hard disk for EFI/Secure Boot to work. It must be installed using a GPT partitioning scheme with an ESP partition where the EFI boot loader must already be installed.
So @Aki, prior to installation, how do we get the proper installation of the Debian system for secure boot? Does Debian provide, say with bookworm, the required keys for the kernel 6.1? And are keys required only for the kernel and not for systemd, or for both? Is there some other process for which keys are also required, apart from Kernel and SystemD? Does the installer take care of this automatically without any intervention required by the user?

3.6.3. Systems with UEFI firmware

UEFI (“Unified Extensible Firmware Interface”) is a new kind of system firmware that is used on many modern systems and is - among other uses - intended to replace the classic PC BIOS.

Currently most PC systems that use UEFI also have a so-called “Compatibility Support Module” (CSM) in the firmware, which provides exactly the same interfaces to an operating system as a classic PC BIOS, so that software written for the classic PC BIOS can be used unchanged. Nonetheless UEFI is intended to one day completely replace the old PC BIOS without being fully backwards-compatible and there are already a lot of systems with UEFI but without CSM.

.....
.....
The other major difference between BIOS (or UEFI in CSM mode) and native UEFI is the location where boot code is stored and in which format it has to be. This means that different bootloaders are needed for each system.

.....
.....
Hope this helps.

---
[1] Systems with UEFI firmware
@Aki this helps a lot. I have a few more doubts. Can you please help with those?
The first is about the location of boot code/boot loaders with secure boot enabled. So my assumption is that if we have a single Debian system, no dual/triple boot, with secure boot, then that should not be a concern. But if we have dual or triple boot systems and need secure boot, then we will need to have two or three bootloaders, each for a different OS. Is this correct? So in the case of a single drive partitioned between, say, two or three different OSes, we will need to have two or three EFI system partitions, one for each of those different OSes. Is that correct? And if yes, then how can we manage the OS selection at boot time? Which boot loader will load first and will manage these multiple OS boots using secure boot?

Is there some documentation apart from the one that you have given?

Statistics: Posted by DebianFox — 2024-05-06 05:27 — Replies 2 — Views 83
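The prerequisites quoted in the thread (a GPT-partitioned disk with an ESP, and the firmware's Secure Boot switch) can be checked from raw bytes. The sketch below is an added example, not part of the forum post or of Debian's tooling; it assumes 512-byte sectors, the function names are hypothetical, and the disk image and variable bytes are constructed samples.

```python
import struct
import uuid

SECTOR = 512  # assumption: 512-byte logical sectors
ESP_TYPE = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")  # EFI System Partition
LINUX_FS = uuid.UUID("0fc63daf-8483-4772-8e79-3d69d8477de4")  # Linux filesystem data

def find_esp(disk: bytes):
    """Return [(partition number, first LBA, last LBA)] for every ESP on a GPT disk."""
    hdr = disk[SECTOR:SECTOR + 92]  # the GPT header lives at LBA 1
    if len(hdr) < 92 or hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1 (MBR/legacy layout?)")
    # Offsets 72..87: entry-array start LBA, entry count, size of one entry.
    entries_lba, count, size = struct.unpack_from("<QII", hdr, 72)
    found = []
    for i in range(count):
        off = entries_lba * SECTOR + i * size
        entry = disk[off:off + size]
        # Type GUIDs are stored mixed-endian, which bytes_le decodes.
        if len(entry) >= 48 and uuid.UUID(bytes_le=entry[:16]) == ESP_TYPE:
            first, last = struct.unpack_from("<QQ", entry, 32)
            found.append((i + 1, first, last))
    return found

def secure_boot_enabled(var: bytes) -> bool:
    """Decode an efivarfs SecureBoot variable: 4 attribute bytes, then 1 data byte."""
    if len(var) < 5:
        raise ValueError("truncated SecureBoot variable")
    return var[4] == 1

def _entry(type_guid: uuid.UUID, first: int, last: int) -> bytes:
    raw = type_guid.bytes_le + uuid.uuid4().bytes_le + struct.pack("<QQQ", first, last, 0)
    return raw.ljust(128, b"\0")

def sample_disk() -> bytes:
    """Constructed image: empty LBA 0, GPT header, one ESP and one Linux entry."""
    hdr = b"EFI PART" + bytes(64) + struct.pack("<QII", 2, 128, 128)
    table = _entry(ESP_TYPE, 2048, 1050623) + _entry(LINUX_FS, 1050624, 209715166)
    return bytes(SECTOR) + hdr.ljust(SECTOR, b"\0") + table.ljust(128 * 128, b"\0")

if __name__ == "__main__":
    # On a real machine, feed in the first 34 sectors of the disk device and the file
    # /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c instead.
    print("ESP entries:", find_esp(sample_disk()))
    print("Secure Boot on:", secure_boot_enabled(b"\x06\x00\x00\x00\x01"))
```

An empty result from `find_esp` on a GPT disk, or a `ValueError` on an MBR disk, means the layout described in the quoted reply is not in place yet.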


