thanks but if I have to do that everytime I rebuild a kernel frankly Microsoft can shove its secure boot up its $YOU_KNOW_WHERE!

(FWIW I had seen also this but it's still too painful)

2 members found this post helpful.

So, the Virtual Box has support for Secure Boot and (virtual) TPMs on its virtual machines?

IF yes, everything is probably fine.

IF not, the Windows 11 will not work on those virtual machines.

Yes, every time you build a new kernel, you will need to sign it. Not a big deal, at least for me, because I already use a script to prepare and install on EFI partition the kernel and the associated initrd. So, I should add probably several lines on that script.

However, let's make a point: signing the kernels is required ONLY when the Secure Boot is used, because the user wants to keep also Windows 11 alive, or just happens that the BIOS has no option to disable the Secure Boot.

BUT, a Linux distribution having Secure Boot support does NOT mean that it cannot be used without it. It could be used fine without Secure Boot.

You have the ability to disable the Secure Boot or it does not exists? You do not need Windows 11? Then nothing will be changed for you.

Again, I talk about Slackware, not about what Gurus do.

Good read: https://www.theverge.com/2021/6/25/2...ement-security

Unclear to me so far:

1. Will Windows 11 run with Secure Boot disabled after installation?
2. Will it be possible to run Windows 11 in Qemu/QVM VM (assuming that the host meets the hardware requirements listed by Microsoft)?

In the UK, many public sector organisations (schools, colleges, local authorities) have bought low-end PCs and low-spec laptops so as to be able to run Windows 10, and have had to purchase extra laptops &c as a result of working from home advice during the pandemic. To find that these may be junk in 3 to 4 years is not going to be especially popular. At all.

As you are quoting The Register...
https://forums.theregister.com/forum...sor/#c_4283281

and

https://forums.theregister.com/forum...sor/#c_4283384

As you can see, there is considerable confusion about the requirements for the *released* Windows 11. Best to sit tight and see how the situation develops over the next year or so.

Posting this off a core duo laptop with 4Gb Ram and a 60GB sata SSD running a full install of Slackware.

Several days ago I talked with a sysadmin from the company where I work (they use today Windows 10 on their computers), and he said that they received docs which says clear that Windows 11 needs Secure Boot enabled and a TPM 2.0 device available on the box. And looks like the Windows 11 will be 64bit only - no 32bit release will be made.

So, the Windows 11 cannot be installed and work on a computer without EFI, Secure Boot and a TPM 2.0 device no matter if we talk about bare metal or virtualization.

Installed, indeed. Work I am still unsure, as this is not stated in https://www.microsoft.com/en-us/wind...specifications. Anyway, I don't need a definitive answer before the end of the day, and an answer is definitive only until it changes

PS I won't rule out that one of the drivers for the requirements listed in theses specifications be "Avoid that Microsoft customers be victims of phising, ransomeware, identity theft or such".

I'm arguing that by definition Microsoft Windows IS phishing and ransomware... maybe not identity theft but give them time.

6 members found this post helpful.

I do not want to own and operate Intel processors and chipsets which are susceptible to the problems of:
Are any of Intel's 8th generation or newer processors (and their associated chipsets) not susceptible to the above?

1 members found this post helpful.

Let me guess...

So, you believe that the lack of support for Secure Boot on Slackware saves you from those "horrors" ?

Hi LuckyCyborg,

Your guess is wrong. I expect that eventually Slackware will have support for SecureBoot, and when it does, then I will be interested in running SecureBoot on hardware/firmware which does NOT contain the before mentioned flaws.

I do not spend large amounts of time keeping up with capabilities and flaws of modern computer hardware. I am hoping someone knows of processors and chipsets without these flaws, and is willing to tell us on Linux Questions.

Probably half of folks (like me) will not have their CPU supported anyhyow

https://tech.slashdot.org/story/21/0...supported-cpus

1 members found this post helpful.

I have found it reported that about a quarter of the TPM implementations which were in existence in 2017 are affected by the ROCA vulnerability (and that this flaw was estimated to also affect millions of 'smart cards').

In 2017, it was reported that Intel Trusted Execution Technology has flaw CVE-2017-16837.

In 2018, it was reported TPM 2.0 has flaw CVE-2018-6622.

Okay. I agree. The TPMs are bullshit. A bullshit required by Windows 11, optional for Linux. And?

What meaning has the TPM's vulnerabilities for running Slackware along with Windows 11? Absolutely nothing.

The fundamental issue on running Slackware along with Windows 11 is that it requires Secure Boot being enabled.

Which Secure Boot, even today, after 5 (five) years of development, is not supported by Slackware 15.0 beta and we are the SINGLE major distribution without support for this.

If you have another computer available from which to prepare a USB boot stick, it is easy enough to install slackware on a secure-boot only computer: you need to use the Linux Foundation's PreLoader or Fedora's shim, both of which have been signed by Microsoft's certificate for third party EFI binaries. Likewise, once installed you can boot up slackware with secure-boot enabled (I do).

3 members found this post helpful.