Release Engineering

This project is intended for all release-related issues (ISOs, installer, etc.), under the umbrella of the ArchLinux Release Engineers.

FS#53864 - Support Secure Boot

Attached to Project: Release Engineering
Opened by mirh (mirh) - Friday, 28 April 2017, 10:58 GMT
Task Type Bug Report
Category ArchISO
Status Unconfirmed
Assigned To No-one
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 2
Private No


Bug report instead of feature request because it used to work until

Ideally, if somebody could get to ping Jejb for updated signed binaries it would be best.
Another alternative (as mentioned on Arch Wiki) is Fedora shim, but I haven't tested this directly and I wouldn't know whether it offers a worse or better OOTB experience.

This issue is getting more and more severe with time, since (putting aside that 99% of computers are sold with SB enabled by default) W10 certification requirements dropped the "can be disabled" criterion and most OEMs are getting quite lazy.

Comment by Gerardo Exequiel Pozzi (djgera) - Monday, 29 May 2017, 23:05 GMT
Did you read this? Nobody answered; I guess there was no interest.
Comment by mirh (mirh) - Tuesday, 30 May 2017, 11:55 GMT
I don't find it really surprising that the set of people using Arch *AND* also keen on checking its mailing lists isn't really bothered by the lack of SB.
Thing is, besides the little annoyance of "figuring out what's the matter" and tinkering with the BIOS, as I was saying, many newer computers cannot even disable it.

Then, I'm not sure how Arch's financial situation is, but the neatest solution would be to acquire a certificate and use it to sign officially built binaries (which, together with avoiding package duplication, would also finally bring in a 4 years newer preloader).
Comment by mirh (mirh) - Saturday, 02 December 2017, 18:40 GMT
Seems like you don't even need a penny to jump aboard.