User:WavyEbuilder/Gentoo Hardened Verified Boot Install/Requirements

From Gentoo Wiki


Before getting started, it's important to go over the system requirements.

Minimum System Requirements

To successfully follow this guide, you'll need at least the following:

  • A native EFI-capable system (no CSM):
    • We'll be making use of many UEFI features that legacy BIOS machines don't have, such as Secure Boot. BIOS machines are out of scope and are not supported.
    • Some early UEFI machines support CSM. If your machine does, make sure to disable it in your UEFI firmware settings.
  • Support for custom Secure Boot key enrollment:
    • Because we won't be using a kernel or shim signed by Microsoft, we'll need to create and enroll our own Secure Boot keys.
    • Option ROMs are in scope and should cause no problems when setting up Secure Boot.
  • A TPM 2.0, either fTPM or dTPM (TPM 1.0 is out of scope):
    • We'll be using the TPM for automatic LUKS drive encryption (with an optional low-entropy PIN).
    • Some TPM 1.0 machines support a firmware upgrade to TPM 2.0. Before giving up hope on a TPM 1.0 machine, make sure to check your PC manufacturer's website in case your machine supports a firmware upgrade to TPM 2.0.
  • 64-bit amd64 (x86-64) capable processor
  • A USB flash drive with a Linux livecd burned (any should work; use the Gentoo Admin CD available here if in doubt)
  • A working internet connection that your target PC can access

Assumptions

Before continuing, it will be assumed that you:

  • Are currently booted into a Linux livecd
  • Have configured your UEFI firmware as mentioned in the requirements above.
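
The requirements above can be checked from the booted livecd with a short pre-flight script. This is an added example, not part of the original guide; the function names, the `SYSFS` override and the `--run` argument are assumptions of this sketch. It cannot tell whether the firmware menu allows custom key enrollment; it only reports the `SecureBoot` and `SetupMode` variables (`SetupMode=1` means no Platform Key is currently enrolled).

```shell
#!/bin/sh
# Added example: pre-flight check of this guide's requirements from the livecd.
# SYSFS is overridable so the checks can run on a constructed tree (assumption).
SYSFS="${SYSFS:-/sys}"
EFI_GLOBAL="8be4df61-93ca-11d2-aa0d-00e098032b8c"  # UEFI global variable GUID

# Native UEFI boot? A CSM or legacy BIOS boot exposes no firmware/efi directory.
booted_uefi() { [ -d "$SYSFS/firmware/efi" ]; }

# TPM 2.0? Recent kernels expose each TPM's major version in sysfs.
tpm2_present() {
    for f in "$SYSFS"/class/tpm/tpm*/tpm_version_major; do
        [ -r "$f" ] && [ "$(cat "$f")" = "2" ] && return 0
    done
    return 1
}

# amd64? Takes an optional machine name so the check can be tested.
is_amd64() { [ "${1:-$(uname -m)}" = "x86_64" ]; }

# Print the data byte of a boolean EFI variable, or "unknown" if unreadable.
# efivarfs puts 4 attribute bytes in front of the variable's data.
efi_bool() {
    f="$SYSFS/firmware/efi/efivars/$1-$EFI_GLOBAL"
    [ -r "$f" ] || { echo "unknown"; return; }
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# Run one named check and record a failure in rc.
check() {
    desc=$1; shift
    if "$@"; then echo "ok:   $desc"; else echo "FAIL: $desc"; rc=1; fi
}

preflight() {
    rc=0
    check "booted via native UEFI (not CSM or legacy BIOS)" booted_uefi
    check "amd64 (x86-64) system" is_amd64 "${1:-}"
    check "TPM 2.0 device present" tpm2_present
    echo "info: SecureBoot=$(efi_bool SecureBoot) SetupMode=$(efi_bool SetupMode)"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; exit $?; fi
```

Save it as a file and run it with `--run`; a non-zero exit status means at least one requirement is not met.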


With that out of the way, it's time to get started!
