Endeavour (MATE Desktop) not EFI signed,
result in unable to boot the Flash drive on a system with “secure boot” enabled. (Where I don’t have the BIOS password)
( Incidentally cannot either boot a flash drive with Ventoy, or at least not easily)
On this system, I can boot Fedora and Debian ISO’s : they are now UFI signed.
Suggested fix: make sure all ISO files are EFI signed.
Suggested fix: reset the BIOS so you don’t need a password to get in.
It is not about signing the ISO.
For a Linux system to be bootable with Secure Boot enabled, several things need to be signed: EFI bootlader binary, kernel images, kernel modules etc.
I don’t think EOS has any plans to do so, as Arch which is the base of the OS doesn’t support Secure Boot either.
If you have the possibility and know how to reset a password protected Bios, that is fine.
If not, your choice of Linux systems supporting Secure Boot is limited.
Cactux:
Yes, exactly but this is not for so many files, Fedora, openSuse, and recently Debian do exactly this !
Their build (mot-likely using a Makefile) is probably where they do it, so it is not so hard…
And it works just fine…
Why does this matter ? Koz, quite a few (me included) bought used laptops with am unknown BIOS password.
Can you not reset the bios to it’s defaults, thus removing the password?
I know that this is technically possible. As mentioned, EOS inherits the great majority of its features from Archlinux. And Arch has no support for secure boot as of now.
If the devs have not opted to use a signed shim certified by Microsoft, that is their call.
The fact that some other major distributions do so has no bearing on this.
Currently, I don’t think there are any Arch-based distributions that supports secure boot.
However, I think it is possible to build your own custom ISO with secure boot support if you know how. Unfortunately, I don’t. I have never looked into how to do that.
In the meantime, if you don’t build the ISO yourself and you are interested in using Arch, you could use one of the distributions you mentioned and run Arch with DistroBox with almost native performance.
For most laptops I have seen, this is impossible. You need the password as well for reset to defaults. Otherwise, the whole password protection would be worthless.
You could unsolder the EEPROM where the password resides and re-solder a new one in it’s place. But that’s easier said than done.
Some years ago I was able to reset the BIOS of a laptop by removing the cmos battery, so I guess it depends on the laptop in question.
Maybe just removing the cmos battery will do it or booting with a jumper set.
At least for Dell, any AIO or Desktop after 2020 and laptops for far longer cannot be reset simply by resetting the CMOS or removing the battery.
How to recover a forgotten BIOS password on a Dell laptop, desktop, or AIO computer (Desktop and AIO after 2020).
BIOS passwords cannot be recovered. If you have forgotten one of the passwords that is set in the BIOS, contact Dell Technical Support to obtain a password release code. The password release code is based on the unique password prompt that is generated using information from your Dell laptop.
Without the password release code (given by Tech Support after proof of ownership), you cannot reset the password.
Other manufacturers might still have backdoors via CMOS reset or removing the battery.
Secure boot came about from Microsoft. I have no need and very little faith in wanting to use it. 
A couple of things:
Adding support for Secure Boot on the ISO is a major effort with significant cost.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.