OS type and version
just a small question here - what does this package does and is it part of Virtualmin/Webmin or it’s from the OS ?
[shim-signed](https://mydomainname.com:10000/package-updates/view.cgi?mode=updates&name=shim%2Dsigned&system=apt&search=) Secure Boot chain-loading bootloader (Microsoft-signed binary) **New version 1.51.3+15.7-0ubuntu1** Jammy-updates
comes from the OS. necessary if you boot using UEFI.
shim-signed: Secure Boot chain-loading bootloader (Microsoft-signed binary)
This package provides a minimalist boot loader which allows verifying
signatures of other UEFI binaries against either the Secure Boot DB/DBX or
against a built-in signature database. Its purpose is to allow a small,
infrequently-changing binary to be signed by the UEFI CA, while allowing
an OS distributor to revision their main bootloader independently of the CA.
This package contains the version of the bootloader binary signed by the
Microsoft UEFI CA.
Thank you very much for this clarification.
On a side note, it sounds strange, that Ubuntu based system needs something, signed by Microsoft.
if ubuntu wants to boot using UEFI/SecureBoot that’s the only way. Debian and most mainstream linux distros do the same thing…
related reads :
New Windows PCs come with UEFI firmware and Secure Boot enabled. Secure Boot prevents operating systems from booting unless they’re signed by a key loaded into UEFI — out of the box, only Microsoft-signed software can boot.
Est. Reading Time: 3 minutes
Secure Boot is a UEFI firmware security feature developed by the UEFI Consortium that ensures only immutable and signed software are loaded during the boot time. Secure Boot leverages digital signatures to validate the authenticity, source, and...
if you boot using “Legacy Boot”, then you don’t need any of that.
April 6, 2023, 8:04am
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.