Enable secure boot

Posted: 2019/10/21 08:53:19
by KernelOops
I installed CentOS 8 on a system with an AMD Ryzen 7 3700X CPU, with secure boot disabled in the BIOS.

Now I enabled secure boot in the BIOS, but booting CentOS clearly shows that secure boot is not in use. So how do I tell both the BIOS and CentOS to use secure boot on an already installed system?

Thank you.

Re: Enable secure boot

Posted: 2019/10/21 19:48:18
by lightman47
My (very weak) understanding of 'secure boot' is that it prevents 'aliens' from altering the boot record. I wonder how one knows it's not working.
I have mine turned off because I have a number of programs whose updates (VirtualBox, I think is one) will fail if they are unable to write to the boot record.

How can you tell it isn't working?
Thank you.

Re: Enable secure boot

Posted: 2019/10/21 20:14:13
by KernelOops
Secure boot allows us to key-sign the UEFI BIOS part and what actually boots, including the kernel and all modules.

Since VirtualBox loads custom modules, they would need to be signed, so on every update you need to sign them all over again.

To see if secure boot is working, you can just run "dmesg | grep -i secureboot"; in mine it says disabled. If there is no secure boot feature in the BIOS then it may not say anything.

Re: Enable secure boot

Posted: 2019/10/21 20:16:44
by lightman47
Ahhh! Thank you.

Re: Enable secure boot

Posted: 2019/10/21 20:46:26
by chemal
KernelOops wrote (2019/10/21 08:53:19):
I installed centos 8 ...
In Legacy or in UEFI mode?

Re: Enable secure boot

Posted: 2019/10/22 15:35:34
by KernelOops
I installed in UEFI mode.

# efibootmgr
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0000,0003
Boot0000* CentOS Linux
Boot0003  UEFI OS

Re: Enable secure boot

Posted: 2019/10/22 16:58:12
by chemal
I was asking because I expected a secure-boot enabled UEFI firmware to simply not boot a secure-boot disabled OS. Isn't this the whole point of secure boot?

Re: Enable secure boot

Posted: 2019/10/23 07:19:27
by KernelOops
I don't know how it's supposed to work with this BIOS; the settings are quite different from what I'm used to.

For example, I've set up several DELL laptops with CentOS or Fedora and secure boot worked great there, without doing anything in particular. Here is an example from those laptops:

[    0.000000] secureboot: Secure boot enabled
[    0.000000] Kernel is locked down from EFI secure boot; see man kernel_lockdown.7

Maybe there is something different in this Ryzen board... hmm...
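The dmesg grep mentioned earlier in the thread shows what the kernel saw at boot; the firmware's own SecureBoot and SetupMode variables show whether it is actually enforcing, which is the first thing to look at when the BIOS switch is on but Linux still reports disabled. Added example, not from any poster, assuming a UEFI boot of Linux with efivarfs mounted; the sample variable files at the end are constructed.

```shell
#!/bin/sh
# Check Secure Boot from what the firmware reports, not only from dmesg.
# Under UEFI, Linux exposes the SecureBoot and SetupMode variables as files in
# /sys/firmware/efi/efivars: 4 bytes of attribute flags followed by one data
# byte (1 = on, 0 = off). mokutil --sb-state reads the same SecureBoot variable.
EFIVARS=/sys/firmware/efi/efivars
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Decode one EFI boolean variable file into on/off/unknown.
efi_bool() {
  [ -r "$1" ] || { echo unknown; return 0; }
  case "$(od -An -tu1 -j4 -N1 "$1" | tr -d ' ')" in
    1) echo on ;;
    0) echo off ;;
    *) echo unknown ;;
  esac
}

# The menu switch alone is not enough: SetupMode=1 means no Platform Key is
# enrolled, so the firmware enforces nothing even with the option turned on.
sb_verdict() {
  # $1 = SecureBoot variable file, $2 = SetupMode variable file
  sb=$(efi_bool "$1"); setup=$(efi_bool "$2")
  if [ "$sb" = on ] && [ "$setup" = off ]; then echo enforcing
  elif [ "$setup" = on ]; then echo "setup mode (no PK enrolled, not enforcing)"
  elif [ "$sb" = off ]; then echo disabled
  else echo unknown; fi
}

# Cross-check against the kernel log line quoted in the thread; takes a file
# holding dmesg output so it also works on a saved log.
dmesg_verdict() {
  if grep -qi 'Secure boot enabled' "$1"; then echo enabled
  elif grep -qi 'Secure boot disabled' "$1"; then echo disabled
  else echo unknown; fi
}

# Live report on a real UEFI system (prints "unknown" anywhere else).
echo "firmware: $(sb_verdict "$EFIVARS/SecureBoot-$EFI_GLOBAL_GUID" "$EFIVARS/SetupMode-$EFI_GLOBAL_GUID")"

# Constructed sample (not from a real machine): SecureBoot=1, SetupMode=0.
demo=$(mktemp -d)
printf '\006\000\000\000\001' > "$demo/SecureBoot"
printf '\006\000\000\000\000' > "$demo/SetupMode"
echo "sample: $(sb_verdict "$demo/SecureBoot" "$demo/SetupMode")"   # enforcing
rm -rf "$demo"
```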