diff options
author | Eric Hameleers <alien@slackware.com> | 2021-11-08 09:18:14 +0100 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2021-11-08 09:18:14 +0100 |
commit | f5a3e197512428a14925376345215fcc79f73c8b (patch) | |
tree | 6318419b1d61e33f40757c7d6a68e88eb97ca4e9 /grub.tpl | |
parent | 5321fa4452c34f5b5d2547682ac9ea890378268c (diff) | |
download | liveslak-f5a3e197512428a14925376345215fcc79f73c8b.tar.gz liveslak-f5a3e197512428a14925376345215fcc79f73c8b.tar.xz |
liveslak: add Secure Boot support to all 64bit ISOs
Read the updates in the README for more background and guidance.
User notice:
As a one-time action the very first time you boot a Secure Boot enabled
liveslak ISO, you will have to enroll the liveslak certificate
(/EFI/BOOT/liveslak.der) with which the Slackware boot-up binaries
(grub and kernel) were signed into your computer's MOK (Machine Owner Key
database).
This enrollment request will show on-screen during initial boot,
just follow the prompts to 'enroll from disk'. Afterwards the computer
will reboot and from then on, your liveslak will boot without any
user intervention on your Secure Boot computer.
Note:
liveslak uses Fedora's initial boot loader (the 'shim') which
has been signed by Microsoft. In future we may get our own
signed shim for liveslak and/or Slackware, but don't hold your breath.
Diffstat (limited to 'grub.tpl')
-rw-r--r-- | grub.tpl | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -22,6 +22,12 @@ if [ -z "$sl_locale" ]; then export sl_locale fi +# Check whether we are in a Secure Boot scenario: +if [ "x$lockdown" != "x" ]; then + set check_signatures=enforce + export check_signatures +fi + # Determine whether we can show a graphical themed menu: insmod font if loadfont $prefix/theme/dejavusansmono12.pf2 ; then |