shim-review
efi-rpm-macros
shim-review | efi-rpm-macros | |
---|---|---|
9 | 1 | |
64 | 3 | |
- | - | |
6.4 | 1.5 | |
6 days ago | 6 months ago | |
Makefile | ||
- | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
shim-review
-
The Future of AlmaLinux
Alma used CloudLinux's secure boot key (among other CloudLinux infrastructure / resources) for their first few releases.
Rocky Linux didn't have secure boot out the gate because we built everything from scratch, which included going through the long process of getting our own secure boot key approved / signed by Microsoft. See https://github.com/rhboot/shim-review/issues/194 (Alma didn't get their own until https://github.com/rhboot/shim-review/issues/235)
-
Fermilab/CERN recommendation for Linux distribution
AlmaLinux uses their own secure boot certificate, as noted in their last shim-review: https://github.com/rhboot/shim-review/issues/235
- Secure boot Question
- Do I need secure boot?
-
Lenovo shipping new laptops that only boot Windows by default
In my opinion, this news is exaggerated.
The 3rd party UEFI CA key is implemented by the Shim, which is an attack vector. To be certified by default for the shim, the workflow is a github issue [0]. This is not necessarily bad, but a vector for social-engineering and more.
If an attacker is signed by the shim, he can execute trusted code on most machines without problems.
IMO it is better to leave this choice to the user to take this risk and enable the shim. Who installs linux should make this choice consciously
[0]: https://github.com/rhboot/shim-review
Translated with www.DeepL.com/Translator (free version)
-
Where is Secure Boot and the community updates?
Most if not everything else is in place for when this process is complete, but this single step (https://github.com/rhboot/shim-review/issues/194) is a blocker on it.
-
AlmaLinux and SecureBoot
Hey. Secureboot should be ready soon. You can follow along at home here: https://github.com/rhboot/shim-review/issues/152. We are basically just waiting for the shim to be signed.
-
almalinux in EFI binary path, not yet
And it seems that since well over two months, Microsoft is just busy changing their review process and not signing anything at all.
efi-rpm-macros
-
almalinux in EFI binary path, not yet
there are some macros shown below that are available in my AlmaLinux tree: https://github.com/rhboot/efi-rpm-macros/blob/master/macros.efi-srpm.in
What are some alternatives?
almalinux-deploy - EL to AlmaLinux migration tool.
rocky-stats
rocky-tools
devtools
ExpansionCards - Reference designs and documentation to create Expansion Cards for the Framework Laptop
shim - UEFI shim loader