I think what bugs most people about secure boot is that it does not really address a threat most of us who actually own the machines face. Yes it maybe helps lock down some supply chain issues, but other than that I don't see it as really offering much in the way of system harding or increased security for 'me' or really anyone I know. Those of us industries and personal situations where supply chain type attacks are a realistic concern already had ways to mitigate root-kit like threats.

So who/what does benefit from 'secure boot' - content companies and commercial software vendors. The benefit to them is directly a harm to you - its taking away your freedom to modify the platform you used to own they get more control you get less.

Ahh, come on.. We all know "smart"phones have empowered users, not enslaved them..
We all know "smart"phones are excellent at doing important things and almost never used for unimportant and unproductive activity.
We all know most programmers use their incredibly powerful and well designed device to program powerful software for the world and do important work. It's not like these devices are entirely unproductive and unable to do anything useful.

http://blog.mediendesign-kiel.de/wp-...ne-zombies.png

There lies the problem for people who want to maintain the existing Microsoft configuration, but also add support for Linux.
If you wish to maintain the existing Microsoft configuration, then you are subject to the alterations that Microsoft applies through the Windows update process.
Case in point - KB4535680: Security update for Secure Boot DBX: January 12, 2021
This moved the Microsoft Corporation UEFI CA 2011 into dbx, so any binaries that had been using that certificate would no longer load. Seems like no big deal until you realise that is the certificate used by Microsoft to sign non-Microsoft UEFI boot loaders, such as those used to load Linux or other operating systems.

And please tell me how the lack of SecureBoot support on Slackware will improve the life of the Slackware user wanting to use also Windows 11 or has no ability to disable SecureBoot?

For avoiding the issues and headaches with KB4535680 and its alike, we ensure that Slackware will NOT boot at all? :D

Actually it is possible that some users will learn how their own computers are in effect being stolen from them (as if the EULA wasn't enough) and manufacturers and devs will at least consider issues before they just cow tow to MS.

BTW and just FTR, I freely admit and am in fact proud to be a Microsoft Hater and for damned good reasons exactly like this one. From my POV the way to insure Slackware, and any other legit OpSys can boot is not to cave in to MS but oppose those sneaky, greedy rat bastids. They are STILL the company that called Linux "That virus!" and can't even be satisfied by 90+% market share. They are still the company that ruined personal, business, and government archives by changing those and backup formats for no other reason than to serve themselves by excluding everyone else. They are like a foot racer who doesn't train but just equips an AK-47 and mows down all their competitors, real and imagined. I don't disallow they have had some good effects on popularizing computing and fill a valid niche, but I consider the net result a loss.

Finished installing -current on a laptop that came with win10 pre-installed, the attached snapshot sums up your choices (if you're not a techie) when it comes to dealing with MS.

What nice hopes! As IF the Slackware users are legions...

In fact, the future possible Slackware user will not even bother why the Slackware DVD does not boot on his box, but will conclude that Slackware is not compatible, then will download Ubuntu and will install it with no issues.

From his POV, the Slackware installer just does not to work on his particular hardware.

This brings to mind a scene from The Simpsons

https://www.youtube.com/watch?v=nB8LflLMiCQ

True, LuckyCyborg, and I won't be buying any such hardware. As usual any hardware I buy that supports Free and Open Linux, I always mention when I register the device that I bought from them exactly because of that support and didn't buy from numerous of their competitors that don't support what I need. Sure, I'm only one person, but I'm not about to let it be Zero just because others find it easier to cave.

About Windows 11:
- What Slackware can to do now ?
- It simple, how to in Company Of Heroes Game (1), Dropping the Smoke !
Reason: COH is AImed, and can run in Slackware, w/o STEAM !

http://www.slackware.com/~msimons/slackware/grfx/

See also: Company Of Heroes 3 Advance: " Japan Assault " ;-)

https://relic.com

What's the TPM2 issue? Windows 11 makes tpm 2 mandatory? Does it make mandatory that secure boot be turned on?

In that case maybe you can use the same shim Debian has, then use your own signing key for whatever else has to be measured or whatever. Does Slackware have to do anything to support that? Sounds more like someone just writes a howto and people who need or want Secure Boot turned on follow it.

https://wiki.debian.org/SecureBoot#Shim

Or, I don't know why anyone would want to run Windows 11, but if that's the thing requiring secure boot being on or your hardware doesn't have it, run in QEMU with TPM 2 virtuallized using swtpm?

https://github.com/stefanberger/swtpm

It's all pretty gruesome, but doable, yes?

A howto: https://www.rodsbooks.com/efi-bootlo...ecureboot.html

Or the user could have just read README_UEFI.TXT
Maybe such a user would be happy simply running Windows Subsystem for Linux or a Hyper V virtual machine

Unfortunately, those suggestions are inapplicable today, when Windows 11 requires SecureBoot.

Additionally, there are many computers, sold brand-new today, where disabling the SecureBoot is not even an option on BIOS. And looks like the trend will continue - after all, even the UEFI CSM module is an additional and just a legacy complication?

Or he can just install Ubuntu, or Fedora, or openSUSE, or whatever else major Linux distribution, other than Slackware.

Is not like the user has no other choices than to go on street riots against Microsoft and hardware makers...

It's obviously that by Slackware not supporting SecureBoot will happen a sole single thing: Slackware will loose users, nothing else.

Yes, the TPM 2.0 is mandatory for Windows 11, but also there exists even TPM 2.0 modules, which can plugged on a slot on motherboard. Their prices exploded today - $100 or so, but it was something not that vendible, and anyone should expect that China factories will turn to them, and considering the demand, probably in no more than a half of year the market will be flooded by $5 TPM 2.0 modules. Made in China, of course.

Yes, also the Windows 11 requires SecureBoot, but many considerable older motherboards supports it and not other major Linux distribution has issues with booting on SecureBoot enabled motherboards.

I would dare to say that the SecureBoot Issue is effectively something specific to Slackware.

You are kidding, right? The Slackware installer or the LiveSlak does NOT boot under SecureBoot.

IF the user has no ways to disable it even temporary, no tutorial will be useful. ;)

Everything is reduced at a Shakespearian question:

To boot or not to boot?

At this question only Slackware Team can respond.

I am trying to understand these hypothetical users you keep invoking. If they have not been able to install Slackware, then they were never a Slackware user.
Caveat emptor. If such computers do not sell, they will not be made.

Yeah, it's beyond terrible these days.

I recently had the unfortunate displeasure of setting up a brand new Windows 10 laptop for a friend. On the first boot, you absolutely must use a Microsoft account to log in. You cannot create a user without a Microsoft account on Windows 10 Home until after you log in the first time. I can't say with any certainty that people don't like this, but many of the expletive laden account names I tried were already taken.

Actually, rkelsen, for Win 10 anyway, there are applications that absolutely will disable the whole "Windows account login" requirement among many other beneficent eviscerations. Think of it as Win 98 Lite, evolved.... dunno 'bout Win 11 and hope I never have to find out.

Imagine if the PC market was like the "smartphone" market. I'd have to stop using computers as well :mad:
Or, since I use a primitive mobile, I guess the equivilant would be using the raspberry PI for everyday use as a PC ;)

The sad thing is that Windows XP was actually somewhat free. The users were pretty free to use the system as they wanted. But Microsoft has learned from Apple and Google, and have been making Windows less and less generic "open" since Windows 7, and is now more into controlling "how" people should use a PC, the next step undoubtedly being to adapt the Apple/Google policy of controlling users through "their" device.

Dunno about globally, but in Europe Acer has been quite liberal in their policies of supporting whiteboxes (freedos or whatever), and also "Linux".. Previously a barebone unusable distro, but they changed this into a more usable one "elementaryOS", which means they actually put some effort into it as well. They have consistently had MANY models of laptops (of high quality as well) without Windows (at a reduced price) with "Linux". The advantage of buying such a product is knowing that all the hardware is compatible with the Kernel out of the box, and ofcourse the lesser price for the same product (without Windows).

So, if you want to vote with your money, please consider Acer. Have a look around where you live/online for Acer laptops with Linux, they should be available.

I'm quite radical about freedom, and I've been positively impressed by Acer the last 5-10 years (due to their Linux friendliness).

Just my experience.

Yeah, I know, but this was a brand new laptop which had Windows 10 Home pre-installed. It won't let you create a user without a Microsoft account. The only way around it was to create an account, then it allows you to create a user without a Microsoft account. Not sure how long it'll be before "Windows Hello" rears its ugly head though.

I don't know very much about Windows since 7 and I do see your conundrum but I'm wondering wouldn't it be possible to use one of those "Lite" isos into Repair Mode before ever booting the full installed version? FWIW there is also a Hirens-derived Win 10 PE Live system ( https://www.hirensbootcd.org/ ) that I think should allow piecemeal removal of whatever one wants to remove. I haven't tried that method on a never booted system so I'm uncertain but it may well be possible for anyone who cares to stop more than... what is it called? Candy Crush?

Anyway, YMMV but I'm betting there are ways besides installing whole from a hacked iso. IIRC a lot can be achieved by setting the date far in the future for "checkups". That of course will depend on what you "need" Windows for but in my case, simple and specific persistent firmware updates do not need system updates and I'm never on it long enough, especially with any active network, to worry about security beyond a decent anti-malware device.

When will Slackware 15.0 be released?
 

You're lucky. I wish I didn't have to use it.

You certainly have my sincere sympathy. When things "go south" in Slackware it's a minor bummer because I always have a good idea what the path will be to fix whatever I did wrong. When Windows gets bolloxed in moments I feel like yanking out my teeth with a sharp stick... well I did back in Win98/XP days when I actually used it for any length of time. Win2K was mostly reasonable and a stripped down Win 7 was at least passable. I find 10 a PITA even when it is stripped way down and in only momentary usage. I really don't want to even find out how bad 11 is.

if your running current
what is the output. enough said

No, not kidding. Now I see that there've been multiple threads with people in them that boot various versions of slackware with SecureBoot enabled, and that the simpler method using preloader in the Rod Smith link works. I also note you've already "been told" in at least one of these threads, so I guess I won't try to convince you further.

For myself, I've committed to buy every computer my best friend sells off when she upgrades. Just bought a macbookair4,2 (2011 Macbook Air). Next after that will be one of these new M1s, whenever she feels it's end of life. That last may mark my departure from Slackware depending on the state of arm64 by then (10 years from now?). But at least I won't have to deal with wintel machines.

Your posts motivated me to go down the Secure Boot rathole and sniff around. I've been hearing about this Secure Boot / TPM 2.0 / Trusted Computing stuff for over a decade, and now it is upon us with the imminent Windows 11 rollout, so how bad is it? Well, it ain't great, and it could turn into a real problem for sleepy Slackware, which is on a long, slow fade already and has been for some time. This is certainly not helpful. But it isn't necessarily dire either.

Slackware has three choices. They can do nothing and just take it in the chin. Or they can go the route of Fedora and Ubuntu and others, obtaining keys from Microsoft (a skin crawling process involving user agreements, credit cards, purchasing a somewhat exotically flavored Verign certificate, running Microsoft utilities on a Windows machine, and submitting sample binaries to be scrutinized by Microsoft). Or they can roll their own Secure Boot solution. That is an option, at least according to what I am reading. New machines are shipping with only Microsoft's keys, but the specification provides for multiple keys maintained in the BIOS keystore, and OEMs signing up for Microsoft's Secure Boot program are required (at least in theory) to support that feature.

That means you can create your own keys, write the public key to the BIOS keystore where they will reside next to the MS keys, sign you installer, bootloader, kernel and kernel module binaries with your private key and use those signed binaries to install and boot your OS. Some BIOS vendors apparently provide the facility to add and remove keys in their BIOS config utility. There is also an opensource toolkit that allows you to do so independently of the vendor's BIOS config utility.

If what I claim is true, and it seems to be true, then anyone sufficiently motivated to do so can install and run Slackware on a Secure Boot machine without first going to Verisign and Microsoft on bended knee with credit card in hand. It looks like it would be a bit arduous and perhaps a little harrowing the first time you did it, but you could do it. A Linux sysadmin could do it. And if a sysadmin could do it then a really competent sysadmin, a Linux distribution maintainer, the original Linux distribution maintainer, he could automate it. That would be Patrick Volkerding's third option.

So if rolling your own keys is an option, why did those other Linux distributions make the distasteful choice of enrolling in Microsoft's Secure Boot program? Well, that is probably the safest choice. Those BIOS vendors agreed to adhere to the Secure Boot spec provision for multiple keys, and probably most of them have done that, but if their BIOS product is tailored for the preinstalled Windows consumer PC market then there is only one set of keys that they really have to be able to handle, the Microsoft keys. The possibility exists, therefore, that some BIOS vendors have cut corners. So Red Hat, Ubuntu and whoever else played it safe. They got their keys from Microsoft. Slackware can do the same, or they can strike out on their own path, or they can do nothing, shutting the door to all but the most dauntless dual booters of tomorrow.

I don't really have an immediate stake in this game; I don't run the Windows, but I am fond of Slackware, I would like to see it endure.

Getting GNU/Linux running on a PC was always a bit of a hack. Luckily it got alot easier over the years. I don't see much difference with the "do it yourself" method in regards to secure boot.
Sure, they could have made it easier and more accessible (UEFI/secureboot) instead of making the boot process more complicated. But that's just the world we live in I guess.

If you look at what is on the Slackware disk (14.2), the boot process is already fairly complex, and Slackware seems to handle it just fine.

My only point was that some communication from the top could not hurt. Yup, I could do that. But I'm not going to. I have a job and a life I choose to support with my wallet instead given my priorities. Plus, who cares what I think? (clearly not you ;))

People thought Slackware was dead because Slackware looked dead - unless you knew where to look. And asking in the "official Slackware forum" tended to get more flames than answers. Back when there were 2 years between releases - ya, I get it. After 4-5 years - maybe some additional "customer expectation management" might have been helpful.

The title of this thread is

When will Slackware 15.0 be released

Well now there is a thread, started yesterday, advising that Slackware 15.0 RC1 has been released.

Whether you consider a RC close enuff depends upon you.

Either way I figure the answer is really soon.

When will Slackware 15.0 be released?

Soon.

Looking at the history of Slackware RC's and releases, probably sometime the next 1-3 months ;)

Member Response
 

Hi,

You can get a lot of information from the changelog. Once the rc1 progress with testing by users to provide feedback to PV then progressing to the next rc will be a point closer. Once PV decides then a new release will appear. We must help this progression by using the rc and hopefully shake out any bugs.

Have fun & enjoy new rc!
:hattip:

I'm doing that right now actually.. I think.. rc= current -current, right?

It's actually the first time I'm ever running -current, so I'm not too familiar with non-release stuff.

Might as well link this here, distrowatch news Slackware 15.0 RC1:
https://distrowatch.com/?newsid=11322

RC1 = Release Candidate # 1

Slackware 15.0 RC1 either turns into Slackware 15.0 (a formal release) or else changes are made and RC2 is made available. It's all in the development tree (-current) until the stable release. See change log for status details.

It's been a while since we observed this process with Slackware. Some people may have forgotten.

And, there happened even 5 Release Candidates... ;)

Could well happen again.

BUT, the great news is that we are "almost there" and in the next month(s) we will have Slackware 15.0 released.

I beg your pardon, aside from testing 13.37, my last Slackware was Slackware 12 or thereabouts.

Anyways, I've had Slackware 14.2 installed for awhile as a second distro, and I've played around with it quite extensively recently to warm up for Slackware 15. I'm currently testing 15.0 RC1 on another computer. I just wasn't sure that was officially how you do RC1 testing, but seemingly it is..