Installing a Microsoft-signed binary??
by Completely Clueless from LinuxQuestions.org on (#6QHFB)
Hi all,
So my latest update invited me to install some sort of boot-loader "a Microsoft-signed binary" and I thought this was rather odd to say the least. I have the following questions:-
1. Why would GRUB need any add-on from M$?
2. Why would Debian permit such an atrocity?
3. WTAF is going on here? A "Microsoft-signed binary" indeed. What next? Google-signed binaries??
The package description reads:
This package provides a minimalist boot loader which allows verifying
signatures of other UEFI binaries against either the Secure Boot DB/DBX or
against a built-in signature database. Its purpose is to allow a small,
infrequently-changing binary to be signed by the UEFI CA, while allowing
an OS distributor to revision their main bootloader independently of the
CA.
So my latest update invited me to install some sort of boot-loader "a Microsoft-signed binary" and I thought this was rather odd to say the least. I have the following questions:-
1. Why would GRUB need any add-on from M$?
2. Why would Debian permit such an atrocity?
3. WTAF is going on here? A "Microsoft-signed binary" indeed. What next? Google-signed binaries??
The package description reads:
This package provides a minimalist boot loader which allows verifying
signatures of other UEFI binaries against either the Secure Boot DB/DBX or
against a built-in signature database. Its purpose is to allow a small,
infrequently-changing binary to be signed by the UEFI CA, while allowing
an OS distributor to revision their main bootloader independently of the
CA.