Ticket #1152 (new task) — at Initial Version
Deal with Secure Boot on Windows 8-era hardware
Reported by: | achernya | Owned by: | |
---|---|---|---|
Priority: | high | Milestone: | Current Semester |
Component: | -- | Keywords: | |
Cc: | Fixed in version: | ||
Upstream bug: |
Description
Windows 8 requires that all hardware shipped with it pre-installed have Secure Boot enabled. This means that all hardware will have a UEFI and a TPM, along with a database of trusted keys. The trusted key will, of course, be Microsoft's.
This means that there will be additional hassle with new hardware bought for the clusters. For now, an option is to go into the UEFI settings and disable secure boot, but there is not guarantee that this will work as expected, or will continue to be an option.
Alternatively, we could do as Fedora did, and pay $99 for a Microsoft-signed key to sign our distributions. This is a one-time fee. This is not ideal, as then we have to deal with yet another credential, but it beats sitting and waiting for Upstream to deal.