shim-review
rocky-stats
shim-review | rocky-stats | |
---|---|---|
9 | 4 | |
64 | 4 | |
- | - | |
6.4 | 5.5 | |
10 days ago | 5 days ago | |
Jupyter Notebook | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
shim-review
-
The Future of AlmaLinux
Alma used CloudLinux's secure boot key (among other CloudLinux infrastructure / resources) for their first few releases.
Rocky Linux didn't have secure boot out the gate because we built everything from scratch, which included going through the long process of getting our own secure boot key approved / signed by Microsoft. See https://github.com/rhboot/shim-review/issues/194 (Alma didn't get their own until https://github.com/rhboot/shim-review/issues/235)
-
Fermilab/CERN recommendation for Linux distribution
AlmaLinux uses their own secure boot certificate, as noted in their last shim-review: https://github.com/rhboot/shim-review/issues/235
- Secure boot Question
- Do I need secure boot?
-
Lenovo shipping new laptops that only boot Windows by default
In my opinion, this news is exaggerated.
The 3rd party UEFI CA key is implemented by the Shim, which is an attack vector. To be certified by default for the shim, the workflow is a github issue [0]. This is not necessarily bad, but a vector for social-engineering and more.
If an attacker is signed by the shim, he can execute trusted code on most machines without problems.
IMO it is better to leave this choice to the user to take this risk and enable the shim. Who installs linux should make this choice consciously
[0]: https://github.com/rhboot/shim-review
Translated with www.DeepL.com/Translator (free version)
-
Where is Secure Boot and the community updates?
Most if not everything else is in place for when this process is complete, but this single step (https://github.com/rhboot/shim-review/issues/194) is a blocker on it.
-
AlmaLinux and SecureBoot
Hey. Secureboot should be ready soon. You can follow along at home here: https://github.com/rhboot/shim-review/issues/152. We are basically just waiting for the shim to be signed.
-
almalinux in EFI binary path, not yet
And it seems that since well over two months, Microsoft is just busy changing their review process and not signing anything at all.
rocky-stats
- What are the CONS of using CentOS Stream instead of AlmaLinux?
-
Fermilab/CERN recommendation for Linux distribution
> Here are some graphs charting usage through EPEL statistics: https://rocky-stats.tiuxo.com.
As someone who has had to use Oracle Linux for quite a few projects due to requirements, those graphs are actually a sobering look on things.
Of course, all of those distros are reasonably similar at the end of the day, but it's pretty clear that the popularity of Rocky Linux, Alma Linux, and even CentOS Stream are all formidable.
- Updates on how Rocky, and/or other RHEL clones, are doing ?
What are some alternatives?
almalinux-deploy - EL to AlmaLinux migration tool.
rocky-tools
devtools
efi-rpm-macros - efi-rpm-macros provides a set of RPM macros for use in EFI-related packages.
ExpansionCards - Reference designs and documentation to create Expansion Cards for the Framework Laptop
shim - UEFI shim loader