Grub-EFI: desativa a verificação de assinatura?

1

Seguindo de minha pergunta anterior , parece que o Grub -EFI se recusa a inicializar qualquer kernel que não esteja assinado. O que é um problema, porque o kernel que eu quero inicializar não está assinado. Então, o que eu estou querendo saber é ... Existe alguma opção de configuração para desativar essa verificação?

    
por MathematicalOrchid 24.04.2014 / 12:24

2 respostas

1

Se você pode soltar em um shell, você pode definir uma variável de ambiente grub, como indicado em grub.info:

Note that signature checking does not prevent an attacker with (serial, physical, ...) console access from dropping manually to the GRUB console and executing:

 set check_signatures=no
    
por 25.05.2016 / 14:07
0

Eu acredito que você pode desabilitar isso através do BIOS do sistema. De acordo com as instruções deste artigo, intitulado: Gerenciando carregadores de inicialização EFI para Linux: lidando com inicialização segura .

trecho

Disabling Secure Boot

If you aren't convinced that Secure Boot will improve your system's security, you might want to disable the feature entirely. Given the fact that most malware targets Windows, this approach is most reasonable on computers that don't run Windows. You'll have to be comfortable navigating your firmware's setup screens to do this. Unfortunately, there's no standardization in where Secure Boot options might be located or what they might be called; therefore, I can't provide a procedure that will work for every computer. I can, however, describe the options on one computer I own that supports Secure Boot: The ASUS P8H77-I motherboard. This board ships with Secure Boot options disabled, but based on my experimentation, I can see how it would probably ship if it were used on a computer with Windows 8 pre-installed. Based on those assumptions, to disable Secure Boot, you should:

  1. Enter the computer's firmware utility by pressing Del during the initial stages of the boot process (before any boot loader appears). Some computers use other keys for this purpose; examine your early boot-time messages or read your computer's manual to learn what to use.
  2. If you're configured to boot in EZ Mode, press F7 to enter Advanced Mode.
  3. Click the Boot tab.
  4. Click Security Boot Parameters near the bottom-left of the screen. (It's conceivable you'll need to scroll down to see this on some systems.)
  5. Change OS Type from Windows 8 UEFI to Other Legacy & UEFI. The Secure Boot Mode and Key Management options should disappear.
  6. Press the F10 key to save your changes and reboot the computer.

Referências

por 24.04.2014 / 14:30

Tags