Implement Restricted Boot Mode (!16) · Merge requests · firmware / PureBoot

Kyle Rankin requested to merge add_restricted_boot into purism_next Oct 25, 2022

Restricted Boot mode only allows booting from signed files, whether that is signed kernels in /boot or signed ISOs on mounted USB disks. This disables booting from abitrary USB disks as well as the forced "unsafe" boot mode. This also disables the recovery console so you can't bypass this mode simply by running kexec manually.

Admin message

Implement Restricted Boot Mode

Merge request reports