Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>And if Microsoft stops signing your bootloaders it is an automatic death sentence for your distribution, as you can no longer boot the LiveCD without "scary prompts" and/or fiddling with the BIOS setup.

Not really?

Several popular Linux distributions simply do not support Secure Boot. Arch Linux is one of them.



That's because current generation of hardware does not mandate secure boot on x86. I expect that will change once Windows 11 has had a few years to turn the majority of the computers secure-boot capable due to its hardware demands.


That would be against the current UEFI spec. I get that people are cynical and expect this to happen but I don't think it will.

There are however going to be a lot more issues self-enrolling keys going forward.


Just for clarification, I believe you mean that it's not something supported out of the box, in the form of a signed kernel / bootloader. It is something Arch Linux users could choose to set up themselves; there's a whole wiki article on it.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: