Timeline for Do I need to verify a .ISO before flashing, if my laptop has secure boot?
Current License: CC BY-SA 4.0
9 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Nov 12, 2024 at 0:40 | vote | accept | Poperton | ||
| S Nov 12, 2024 at 0:40 | history | bounty ended | Poperton | ||
| S Nov 12, 2024 at 0:40 | history | notice removed | Poperton | ||
| Nov 10, 2024 at 9:22 | answer | added | CBHacking | timeline score: 1 | |
| Nov 9, 2024 at 8:25 | answer | added | Ja1024 | timeline score: 6 | |
| S Nov 8, 2024 at 20:32 | history | bounty started | Poperton | ||
| S Nov 8, 2024 at 20:32 | history | notice added | Poperton | Improve details | |
| Nov 6, 2024 at 8:21 | comment | added | Margaret Bloom | Most x86 firmware are enrolled only with a Microsoft certificate and thus only trust Microsoft signed binaries. Shim is small EFI application that act as a... shim. It just chain load another EFI application (your bootloader or kernel, in this case). It's magic consists in being signed by MS because it only load EFI applications that have been signed by a distro CA or whitelisted explicitly, at boot, by the user (it's a trust delegation). So if you have secure boot and don't enroll any new binary into shim, you can only load signed ISOs. If you need to enroll a new hash, you are on your own. | |
| Nov 5, 2024 at 16:56 | history | asked | Poperton | CC BY-SA 4.0 |