[mythtv-users] OT - UEFI, Secure Boot, Fedora and nVidia drivers

Rod Smith mythtv at rodsbooks.com
Mon Jul 2 20:19:57 UTC 2012

On 06/26/2012 01:19 PM, Gary Buhrmaster wrote:
> You are correct that almost all commercial PCs sold in retail
> will have secure boot enabled (since a high percentage of them
> are sold with Windows pre-installed).  Whether the mainstream
> manufactures will allow it to be disabled (easily) is as yet unknown.

Actually, this is known. Microsoft's requirements for Windows 8
certification stipulate that the user *MUST* be able to both disable
Secure Boot and modify the keys installed in the firmware on non-ARM
systems. On ARM systems, the requirements stipulate the opposite: Users
must *NOT* be able to do this. See the details here:


George Galt wrote:

> If I disable secure boot from
> BIOS/UEFI, would I be able to run unsigned nVidia drivers or would I
> also need to rebuild my kernel to run unsigned drivers?  Is it too
> early to know?

I can't say with certainty, but I can't imagine that it would work any
differently than it does now if you disable Secure Boot. In a worst-case
scenario, you should be able to change from the default boot loader to
one that doesn't look at signatures and everything should work as it
does now. OTOH, perhaps I'm misunderstanding something about how the
chain of trust works and therefore how it's altered when the first link
in that chain (the firmware's Secure Boot setting) is disabled.

More information about the mythtv-users mailing list