=== tsimonq2alt is now known as tsimonq2-
=== tsimonq2- is now known as tsimonq2
[20:13] <streulma> cyphermox ?
[20:13] <cyphermox> hi
[20:13] <streulma> 16.04 installer disabled my Secure Boot
[20:13] <streulma> in Shim
[20:13] <streulma> how can I enable it again ?
[20:13] <cyphermox> sudo mokutil --enable-validation
[20:14] <cyphermox> but it's *supposed* to disable it, if you have any dkms package installed, as otherwise soon those modules will not be loaded by the kernel
[20:15] <cyphermox> by "soon", I mean possibly next week
[20:38] <streulma> is Secure Boot then also disabled on PC's where you CAN'T disable Secure Boot ?
[20:41] <streulma> cyphermox you are a life saver !
[20:42] <cyphermox> you can't "can't disable Secure Boot" when it comes to Linux
[20:42] <cyphermox> ie. the change is done in shim and thus does not affect Windows at all
[20:43] <cyphermox> the update that does this also should be asking you to confirm before applying the change
[20:43] <streulma> so you can install Linux on all pc's from now? :-o
[20:43] <cyphermox> well, that depends
[20:43] <cyphermox> some weird BIOSes may not be able to do the right thing
[20:44] <streulma> I have an asus notebook
[20:44] <cyphermox> ie. if you can't boot EFI, it's not going to install in EFI, and thus won't do anything to Secure Boot
[20:44] <streulma> no but on some you can't disable secure boot
[20:44] <cyphermox> I don't know
[20:45] <cyphermox> the Ubuntu CDs are signed, so you should be able to boot them even with Secure Boot enabled, provided that the BIOS has a Microsoft key loaded to verify the signature -- most do
[20:45] <streulma> I thought, ah :-) they disable secure boot in shim so they found a way to do it without affecting the bios
[20:46] <cyphermox> what we're changing is some kind of flag that only affects things loaded via shim
[20:46] <cyphermox> and *only* if there are dkms packages detected, otherwise it's unnecessary to disable Secure Boot
[20:46] <streulma> virtualbox needs dkms
[20:47] <cyphermox> yes, that's possible
[20:47] <streulma> and for Fedora you need to self sign and probe with mokutil
[20:47] <cyphermox> right
[20:47] <streulma> in Ubuntu it is signed with the Canonical key I think
[20:47] <cyphermox> you can still do that, we're just making it possible for users to skip the self-signing part because it's a little complicated, and instead disable shim validation
[20:48] <streulma> ah, :-)
[20:48] <cyphermox> we'll do some thing to make it easy for users to self-sign instead in the future