Disabling Secure Boot Restriction in Fedora 18

As and when users disable the security checks within the Shim secure boot bootloader Fedora 18 simply disables all the restrictions that are imposed due to the secure boot support. Fedora 18’s secure boot support verifies the Grub and kernel binaries upon every boot. This can be disabled by calling the “mokutil –disable-verification”. Once disabled, on the next boot the Grub loader which follows the Shim will effectively launch any Linux kernel even if it is unsigned and even if Secure Boot is active. Without this Shim only allows trustworthy Grub and kernel binaries to run.

The option to disable the verification of kernel and binaries was available previously as well but there were restrictions that were imposed viz. features like the Kexec/Kdump and kernel monitoring via Systemtap or Kprobes and Suspend-to-Disk or Software Suspend stopped working. But these restrictions have been removed with two kernel updates for the Spherical Cow.

Disabling the verification would allow users to either load self-compiled kernel modules or other Linux distros. Even if the secure boot is enabled, users will be able to load proprietary graphics drivers from AMD and NVIDIA.