• thearch@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    35
    ·
    4 months ago

    It’s supposed to prevent unsigned files from being loaded by the UEFI (AFAIK) which could possibly help with rootkits, if it doesn’t somehow sign itself. However, these are pretty rare if you don’t allow sketchy software to access your boot partition, and will often cause issues with non major Linux distros.

        • bruhduh@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 months ago

          Nah man, it didn’t even allowed to boot iso from ventoy until i disabled secure boot

          • SSJMarx@lemm.ee
            link
            fedilink
            English
            arrow-up
            3
            ·
            4 months ago

            With Debian I think I was able to load the appropriate keys after installing the OS and then re-enable secureboot in the bios. Might be worth checking into.

            • Emerald@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              I just don’t bother with secure boot as its not in my threat model. I turn it off

          • Emerald@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Well of course, thats the setup. Disabling secure boot. If it didn’t stop you from booting a third party OS without you toggling that BIOS option, then the security feature would be pointless.