Secure boot received quite a bit of negative publicity, but if it's not used against you and you can deploy your own keys, it can be a nice tool for improving the security of your computer. This workshop will explain how you can set up secure boot on Linux with your own keys.

I will start by giving a short introduction to secure boot and after that we will go hands-on and make your device more secure! Ideally we start with a system that already boots via UEFI, but it's actually not too complicated to change a system booting via CSM (the BIOS compatibility mode) to booting via UEFI in-place, so we can also do that in the workshop.

The standard setup after this workshop will be a signed GRUB2 that then in turn verifies the kernel and initramfs it boots, but other setups are also possible. Of course you can also take part if you don't want to touch your device but rather just want to learn something about secure boot or discuss some ideas you have.

You shouldn't be afraid to use a command line; we will need it a lot. You should also be somewhat familiar with how your distribution manages installed kernels so that you know what to do on updates and how to automate this.

Things you want to bring with you:

  • The device on which you want to set up secure boot

  • Some recovery boot medium (like a GRML USB drive)

Things you should do beforehand:

  • Check that your device supports UEFI and secure boot. Update your firmware/BIOS to the latest version; chances are good that there are fewer bugs in newer versions.

  • Backup! I don't think there is a particularly high risk for data loss but it's always good to have one, especially if repartitioning is necessary.

  • Make sure you have enough free disk space for an EFI system partition if you don't have one yet.

  • Standard disclaimer: I'm not responsible for any damage. In the past there were some notebooks with nasty bugs in their firmware, so I can't rule out that we trigger some. I don't think there will be bricked devices, but you should be aware that it could happen.
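
The UEFI, secure boot and EFI system partition checks from the list above can be done from a running Linux system. The script below is an added example, not part of the original announcement; its function names and the optional sysfs-root argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-workshop firmware checks on a running Linux system.
# Function names and the optional sysfs-root argument are assumptions of this example.

EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI global variable GUID
ESP_GPT=c12a7328-f81f-11d2-ba4b-00a0c93ec93b      # GPT type GUID of an EFI system partition

# uefi if the kernel was started by UEFI firmware, csm if it booted in BIOS compatibility mode.
boot_mode() {
    if [ -d "${1:-/sys}/firmware/efi" ]; then echo uefi; else echo csm; fi
}

# Read a one-byte UEFI variable (SecureBoot, SetupMode) from efivarfs.
# Each file holds 4 attribute bytes followed by the value.
efi_flag() {
    f="${2:-/sys}/firmware/efi/efivars/$1-$EFI_GLOBAL"
    [ -r "$f" ] || { echo unknown; return 0; }
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    case "$v" in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# Filter "NAME PARTTYPE" lines (lsblk -rno NAME,PARTTYPE) down to EFI system partitions.
# 0xef is the partition type of an ESP on an MBR-partitioned disk.
esp_partitions() {
    awk -v gpt="$ESP_GPT" 'tolower($2) == gpt || tolower($2) == "0xef" { print $1 }'
}

report() {
    echo "Boot mode:   $(boot_mode)"
    echo "Secure boot: $(efi_flag SecureBoot)"
    # SetupMode on means no Platform Key is enrolled, so own keys can be installed.
    echo "Setup mode:  $(efi_flag SetupMode)"
    echo "ESP:         $(lsblk -rno NAME,PARTTYPE 2>/dev/null | esp_partitions | tr '\n' ' ')"
}

if [ "${1:-}" = report ]; then report; fi
```

Run the script with the argument `report`. On a system booted via CSM both flags read `unknown`, because the firmware variables are only exposed after a UEFI boot.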


