XPost: comp.os.linux.misc   
   From: nospam@needed.invalid   
      
   On Tue, 12/9/2025 8:15 PM, c186282 wrote:   
   >   
   >   On my HP, Linux WOULD NOT install with Secure Boot active,   
   >   one message even named SB as the big problem.   
   >   
   >   There was a toggle for SB ... but on reboot it would   
   >   re-enable. Had to get rid of the keys, THEN it stuck.   
   >   
   >   SB isn't necessarily *evil* ... but there are times it   
   >   just Gets In The Way, esp if you're not doing Winders.   
   >   
   >   I'll look into it some more. MIGHT be I can generate   
   >   new keys and re-enable ... maybe .......   
   >   
   >   As for laptops (and maybe desktops (more rare now))   
   >   they seem to be getting more and more STUPID. There   
   >   were surprisingly few BIOS options. Sometimes they   
   >   are 'hidden' behind an obscure prompt or require   
   >   a secret key to be held or something ... and then   
   >   sometimes there is just NO fine-tuning anymore.   
   >   
   >   "WE know what you want/need !".   
      
   Linux has a signed shim for this.   
      
   In fact, a signing ceremony was done just recently,   
   to account for the revocation of a Microsoft key.   
   People physically fly to a certain location, to have   
   the shim signed.   
      
   But now the situation has gone too far the other way.   
   Ubuntu has done something to the UEFI content, which   
   has altered UEFI enough, that the Microsoft patch   
   for Black Lotus is failing to work (the machine could fail   
   to Secure Boot in the year 2026 if this is not corrected).   
   I have a binary dump of the key content, I can see two   
   Ubuntu entries, but I don't know why they are there, or   
   what the intentions of Canonical were by doing this.   
      
   Summary: The BEST reason for disabling Secure boot,   
            is the industry is simply too clueless to   
            operate the levers properly. It's a shame that   
            such a poorly thought out scheme, has resulted   
            in me turning it off in disgust.   
      
            As for Ubuntu, "FUCK WITH MY MACHINE? OUT THE DOOR YOU GO!!!"   
            Ubuntu is banned now. I will no longer answer questions   
            about Ubuntu by doing test installs of it. You damage   
            my machine, that's it. Now I don't even know if a   
            factory reset of the keys is sufficient to fix it.   
            Flashing the BIOS does not help (tried it). If   
            I factory reset it, what do I do next for all the   
            storage media in the room ???   
      
            The machine reserved for secure boot testing, has   
            ended up the way I expected it would end, with me   
            stuck with some mess I can't clean up. A victory for   
            the industry. I did not do anything to promote this.   
            I just install this garbage :-/   
      
            It's a good thing nothing in the room is "protected"   
            with Bitlocker. Then I'd really be screwed.   
      
      Paul   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)