shim-review
devtools
shim-review | devtools | |
---|---|---|
9 | 1 | |
64 | 24 | |
- | - | |
6.4 | 3.4 | |
9 days ago | 6 months ago | |
Roff | ||
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
shim-review
-
The Future of AlmaLinux
Alma used CloudLinux's secure boot key (among other CloudLinux infrastructure / resources) for their first few releases.
Rocky Linux didn't have secure boot out the gate because we built everything from scratch, which included going through the long process of getting our own secure boot key approved / signed by Microsoft. See https://github.com/rhboot/shim-review/issues/194 (Alma didn't get their own until https://github.com/rhboot/shim-review/issues/235)
-
Fermilab/CERN recommendation for Linux distribution
AlmaLinux uses their own secure boot certificate, as noted in their last shim-review: https://github.com/rhboot/shim-review/issues/235
- Secure boot Question
- Do I need secure boot?
-
Lenovo shipping new laptops that only boot Windows by default
In my opinion, this news is exaggerated.
The 3rd party UEFI CA key is implemented by the Shim, which is an attack vector. To be certified by default for the shim, the workflow is a github issue [0]. This is not necessarily bad, but a vector for social-engineering and more.
If an attacker is signed by the shim, he can execute trusted code on most machines without problems.
IMO it is better to leave this choice to the user to take this risk and enable the shim. Who installs linux should make this choice consciously
[0]: https://github.com/rhboot/shim-review
Translated with www.DeepL.com/Translator (free version)
-
Where is Secure Boot and the community updates?
Most if not everything else is in place for when this process is complete, but this single step (https://github.com/rhboot/shim-review/issues/194) is a blocker on it.
-
AlmaLinux and SecureBoot
Hey. Secureboot should be ready soon. You can follow along at home here: https://github.com/rhboot/shim-review/issues/152. We are basically just waiting for the shim to be signed.
-
almalinux in EFI binary path, not yet
And it seems that since well over two months, Microsoft is just busy changing their review process and not signing anything at all.
devtools
-
Fermilab/CERN recommendation for Linux distribution
Yes, Gregory Kurtzer personally helped in development (primarily the packaging / tools during 8.3 and then 8.4). I know, I was there lol. For example, see the commit log to the early set of Rocky Linux devtools:
https://github.com/rocky-linux/devtools/commits/main?after=f...
"All he does is talk" is unfairly dismissive. We all have our roles, and Greg's is not release engineering.
The "taking credit" bit is an unfortunate misconception, media likes to attribute the entire project to gmk since he's a notable personality, but he himself does not.
What are some alternatives?
almalinux-deploy - EL to AlmaLinux migration tool.
TheAlgorithms - All Algorithms implemented in Python
rocky-stats
rocky-tools
efi-rpm-macros - efi-rpm-macros provides a set of RPM macros for use in EFI-related packages.
ExpansionCards - Reference designs and documentation to create Expansion Cards for the Framework Laptop
shim - UEFI shim loader