This is an intentional re-submission from yesterday to ensure people see it and plan for changes this week. Please let me know if any parts need expanding or if anything is missing. I've only done this on a half dozen machines and they were all Linux.
Perhaps you could mention that, alternatively, one can rely on TPM with Heads and a hardware key for verified boot. In this case, no proprietary software is involved.
That sounds like a good idea. Can you recommend a really good document I could link to that could walk people through switching from the M$ Cert secure boot to the non proprietary methods? Ideally one you have gone through on a few machines.
That looks interesting but it does not appear to be widely used or support a lot of hardware. I could be reading too much into it. I would not want to suggest people move from a proprietary but widely adopted thing to something obscure. I will read through it some more. If all Dell and HP servers supported it that could be a start.
This is an intentional re-submission from yesterday to ensure people see it and plan for changes this week. Please let me know if any parts need expanding or if anything is missing. I've only done this on a half dozen machines and they were all Linux.
Perhaps you could mention that, alternatively, one can rely on TPM with Heads and a hardware key for verified boot. In this case, no proprietary software is involved.
That sounds like a good idea. Can you recommend a really good document I could link to that could walk people through switching from the M$ Cert secure boot to the non proprietary methods? Ideally one you have gone through on a few machines.
There are very few machines that are capable of running Heads, https://osresearch.net/Prerequisites. I checked that it works on two Librem laptops with a Librem Key, https://puri.sm/posts/the-librem-key-makes-tamper-detection-...
That looks interesting but it does not appear to be widely used or support a lot of hardware. I could be reading too much into it. I would not want to suggest people move from a proprietary but widely adopted thing to something obscure. I will read through it some more. If all Dell and HP servers supported it that could be a start.