Merge pull request #280 from ArcticXWolf/add_signing_info_for_other_distros

Fixes #261 and adds info on other Linux distros
Jake Day 2018-12-28 12:04:29 -05:00 committed by GitHub
commit 8485551416
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -1,7 +1,10 @@
# Signing a custom kernel for Secure Boot
(Instructions are for ubuntu, but should work similar for other distros, if they are using shim
and grub as bootloader.)
Instructions are for ubuntu, but should work similar for other distros, if they are using shim
and grub as bootloader. If your distro is not using shim (e.g. Linux Foundation Preloader), there
should be similar steps to complete the signing (e.g. HashTool instead of MokUtil for LF Preloader)
or you can install shim to use instead. The ubuntu package for shim is called `shim-signed`, but
please inform yourself on how to install it correctly, so you do not mess up your bootloader.
Since the most recent GRUB2 update (2.02+dfsg1-5ubuntu1) in Ubuntu, GRUB2 does not load unsigned
kernels anymore, as long as Secure Boot is enabled. Users of Ubuntu 18.04 will be notified during
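Review bot: The added sentence about `shim-signed` tells readers to "inform yourself on how to install it correctly" without saying where, and replacing the first-stage bootloader is the riskiest action this paragraph introduces. Link the distro's shim / Secure Boot documentation at that point, or drop the suggestion to switch bootloaders. The HashTool comparison in the line above it also needs a qualifier: HashTool enrolls hashes of individual binaries rather than a signing certificate, so the key-based steps that follow do not map one-to-one, and a rebuilt kernel has to be enrolled again. Minor: the tool is spelled `mokutil`, "ubuntu" should be "Ubuntu", and "should work similar" should be "should work similarly".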
@ -13,9 +16,11 @@ Thus you have three options to solve this problem:
2. You use a signed, generic kernel of your distro.
3. You disable Secure Boot.
Since option two and three are not really viable, these are the steps to sign the kernel yourself:
Since option two and three are not really viable, these are the steps to sign the kernel yourself.
Instructions adapted from [the Ubuntu Blog](https://blog.ubuntu.com/2017/08/11/how-to-sign-things-for-secure-boot).
Before following, please backup your /boot/EFI directory, so you can restore everything. Follow
these steps on your own risk.
1. Create the config to create the signing key, save as mokconfig.cnf:
```
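Review bot: The backup path in the added warning, `/boot/EFI`, does not match a default Ubuntu layout, where the EFI System Partition is mounted at `/boot/efi` and the loaders sit under `/boot/efi/EFI`. Since the intro now covers other distros, which may mount the ESP elsewhere, word it as "your EFI System Partition (on Ubuntu `/boot/efi`)". The warning also gives no restore step; one sentence on copying the backup back from a live system would make the backup usable when the machine no longer boots. Wording: "backup" as a verb should be "back up", and "on your own risk" should be "at your own risk".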