csmwrap icon indicating copy to clipboard operation
csmwrap copied to clipboard
verified publisher icon FlyGoat

Secure Boot support

Open ages2001 opened this issue 7 months ago • 5 comments

When will added support? Because in future, UEFI Class 3+ systems will come and they will have force enabled Secure Boot.

ages2001 avatar May 24 '25 12:05 ages2001

Source ? I highly doubt x86 platforms are ever going to be locked down like that.

I don't think Microsoft will ever sign something that loads unsigned applications, although they have unintentionally before you can see many examples on GitHub.

xCuri0 avatar May 24 '25 13:05 xCuri0

I can't afford secure boot certification tbh. Also I doubt this kind of loader which allows you to load arbitrary OS is violating signing condition so it can never be signed.

FlyGoat avatar May 24 '25 19:05 FlyGoat

Source ? I highly doubt x86 platforms are ever going to be locked down like that.

I don't think Microsoft will ever sign something that loads unsigned applications, although they have unintentionally before you can see many examples on GitHub.

I saw somewhere in Internet but maybe it is not real (and I hope). But I don't trust Microsoft because it can bring x86S or something for avoiding legacy booting forcely.

ages2001 avatar May 25 '25 17:05 ages2001

I can't afford secure boot certification tbh. Also I doubt this kind of loader which allows you to load arbitrary OS is violating signing condition so it can never be signed.

Someone managed to boot XP x64 UEFI with secure boot with signing EFI file in Linux distro.

ages2001 avatar May 25 '25 17:05 ages2001

You can use EFI SHIM to run any EFI executable with Secure Boot on. Alternatively, you can sign it yourself and add your own certificate to the secure boot certificate database.

teknixstuff avatar Jun 01 '25 09:06 teknixstuff