Aren/haiku
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
42c53fc8b8
haiku/data/boot/efi/keys/README.md
Alexander von Gluck IV 31f27c4d39 boot/efi: Optionally sign our EFI bootloader 
* The private keys are in possession of Haiku, Inc.

Change-Id: I3b5b004e1dce0102f8a65f6d682f7e428845efe8
Reviewed-on: https://review.haiku-os.org/c/haiku/+/4936
Reviewed-by: Alex von Gluck IV <kallisti5@unixzen.com>
Reviewed-by: waddlesplash <waddlesplash@gmail.com>
2022-02-18 21:32:56 +00:00

38 lines
1.2 KiB
Markdown
Raw Blame History

# Haiku UEFI Keys
The EFI keys in this directory can be used to boot Haiku in UEFI Secure Mode.
The Haiku, Inc. key must be appended to your EFI BIOS trusted keychain to function.
> This is only needed when you're booting in EFI Secure Boot mode! It's probably
> easier to disable EFI Secure Boot in most cases.
## Installing UEFI Keys
To trust Haiku's EFI bootloader, you'll need to append our DB key to your BIOS's
DB keychain.
> Ensure the Haiku installation media is inserted / plugged into your computer.
Real world examples:
* Dell XPS 13 Laptop (Dell BIOS)
* Boot laptop, press F2 to enter BIOS
* Settings -> Secure Boot -> Secure Boot Enable
* Verify Secure Boot is enabled, otherwise this does nothing.
* Settings -> Secure Boot -> Expert Key Management
* "Enable Custom Mode" checked
* Press "Reset All Keys"
* Choose db, then press "Append from File"
* Navigate to the Haiku USB installation media
* EFI -> KEYS -> DB.auth
* Framework Laptop (InsydeH20 BIOS)
* Boot laptop, press F2 to enter BIOS
* Security -> Secure Boot
* Enforce Secure Boot enabled
* DB Options -> Enroll Signature -> PKCS7
* Haiku ESP -> KEYS -> DB.cer
* (you can leave the "Owner_GUID" blank)
* Enroll DB.cer -> Yes
* F10, Save and Exit
Reference in New Issue View Git Blame Copy Permalink