User:WavyEbuilder/Gentoo Hardened Verified Boot Install/Requirements
From Gentoo Wiki
Jump to:navigation
Jump to:search
Before getting started, it's important to go over the system requirements.
Minimum System Requirements
To successfully follow this guide, you'll need at least the following:
- A native EFI (no csm) capable system:
- We'll be making use of many UEFI features that legacy BIOS machines don't have such as Secure Boot. BIOS machines are out of scope and are not supported.
- Some early UEFI machines support CSM. If your machine does, make sure to tick that off in your UEFI firmware settings.
- Support for custom Secure Boot key enrollment:
- Because we won't be using a kernel or shim signed by Microsoft we'll need to create and enroll our own Secure Boot keys.
- Option Roms are in scope and should cause no problems setting up Secure Boot.
- A TPM 2.0, either fTPM or dTPM (TPM 1.0 is out of scope):
- We'll be using the TPM for automatic luks drive encryption (with an optional low-entropy pin).
- Some TPM 1.0 machines support a firmware upgrade to TPM 2.0. Before giving up hope on a TPM 1.0 machine, make sure to check your PC manufacturer's website in case your machine supports a firmware upgrade to TPM 2.0.
- 64-bit amd64 (x86-64) capable processor
- A USB flash drive with a Linux livecd burned (any should work, use the Gentoo Admin CD available here if in doubt)
- A working internet connection that your target PC can access
Assumptions
Before continuing, it will be assumed that you:
- Are currently booted into a Linux livecd
- Have configured your UEFI firmware as mentioned in the requirements above.
With that out the way, its time to get started!
< Previous | Home | Next > |