Y
Hacker News
new
|
ask
|
show
|
jobs
by
Nullabillity
3305 days ago
Yes. Shim requires that your kernel is also signed, and also disables support for kernel modules.
1 comments
xvilka
3305 days ago
And this shows why forcing that in shim was a bad idea. They should have made a version breaking the chain, and allowing to boot unsigned kernel.
link
Nullabillity
3304 days ago
No, this shows why (forcing) Secure Boot was a bad idea. Allowing Shim to load unsigned kernels would be equivalent to having it bypass SB in the first place, which Microsoft would presumably never sign.
link