Ubuntu 16.04 Secure Boot Policy
Martinx - ジェームズ
thiagocmartinsc at gmail.com
Wed Jul 6 03:05:08 UTC 2016
On 5 July 2016 at 04:15, Ralf Mardorf <ralf.mardorf at alice-dsl.net> wrote:
> On Tue, 5 Jul 2016 03:39:48 -0400, Tom H wrote:
> >On Mon, Jul 4, 2016 at 3:58 AM, Ralf Mardorf wrote:
> >> It's still more user-friendly to disable secure boot, than to deal
> >> with it, isn't it?
> >
> >It's certainly simpler. I've disabled SB on my laptop out of sheer
> >laziness
>
> I only use an old BIOS computers, but assumed one day I should get an
> UEFI-secure-boot computer, then I most likely would disable secure
> boot. Call it "laziness", I name it "cautiousness to avoid trouble".
>
> You and I are advanced users and using secure boot at least is
> uncomfortable for us, we don't know, if it could cause an issue at a bad
> timing. It might expand security, but for my computer usage I didn't
> experience security issues in more than 10 years Linux usage, most of
> the times even without AppArmor, firewalls and similar. Even while
> I'm seldom using firewalls myself, I recommend to use a firewall. I do
> not recommend AppArmor, SELinux, secure boot. At least AppArmor doesn't
> cause issues (I don't know SELinux by own experiences). I have read
> many threads about (U)EFI and secure boot issues on different mailing
> lists. Assumed my kind of computer usage should require advanced
> security, then I would ensure to always use a firewall and perhaps
> always use AppArmoror, or read about SELinux and perhaps test this. I
> still would avoid adding possible trouble by using secure boot.
>
> I wunder if a multi-boot with a Windows install that requires secure
> boot, could be done, by only enabling secure boot, before booting
> Windows and disabling it, before booting Linux or BSD. Actually I only
> need one Windows program, running on Windows 7 as a guest on a Linux
> host. Since I anyway need to share data between Linux and this Windows
> program, running it in a virtual machine is better, regarding my needs.
>
> 2 Cents,
> Ralf
>
>
First thing I did after buying a new Dell PC, was to disable this
"security" at bios, also, I'm using regular BIOS (legacy mode), no EFI
here...
Specially because it is not possible to install an Ubuntu Server with
software RAID on an EFI machine (I'm abut to fill a bug report about this
soon).
Cheers!
Thiago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20160705/8c7b9454/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list