I just discovered that Qubes OS 4.3 is not ready for secure boot, and even if I don't have Microsoft's latest certificates installed.
Is this expected? Most modern hardware comes with secure boot enabled these days.
Kind regards,
Ulrich
Hi Ulrich,
Indeed, secure boot is not supported by Qubes OS 4.3, nor any prior version to my knowledge, mainly because it is not supported by Xen; but also because secure boot is not an amazing system. Quoting the Heads developer:
"What's wrong with UEFI Secure Boot?
Can't audit it, signing keys are controlled by vendors, doesn't handle hand off in all cases, depends on possible leaked keys."
If you want an alternative, you have Heads (https://trmm.net/Heads/,https://osresearch.net/) or Anti evil maid (Anti evil maid (AEM) — Qubes OS Documentation).
You may want to check the following:
- Frequently asked questions (FAQ) — Qubes OS Documentation
- Is it possible to enable UEFI Secure Boot in Qubes OS?
Kindly,
Shuos Jedao
3 Likes