User:WavyEbuilder/Gentoo Hardened Verified Boot Install/Requirements

From Gentoo Wiki
Jump to:navigation Jump to:search

Before getting started, it's important to go over the system requirements.

Minimum System Requirements

To successfully follow this guide, you'll need at least the following:

  • A native EFI (no csm) capable system:
    • We'll be making use of many UEFI features that legacy BIOS machines don't have such as Secure Boot. BIOS machines are out of scope and are not supported.
    • Some early UEFI machines support CSM. If your machine does, make sure to tick that off in your UEFI firmware settings.
  • Support for custom Secure Boot key enrollment:
    • Because we won't be using a kernel or shim signed by Microsoft we'll need to create and enroll our own Secure Boot keys.
    • Option Roms are in scope and should cause no problems setting up Secure Boot.
  • A TPM 2.0, either fTPM or dTPM (TPM 1.0 is out of scope):
    • We'll be using the TPM for automatic luks drive encryption (with an optional low-entropy pin).
    • Some TPM 1.0 machines support a firmware upgrade to TPM 2.0. Before giving up hope on a TPM 1.0 machine, make sure to check your PC manufacturer's website in case your machine supports a firmware upgrade to TPM 2.0.
  • 64-bit amd64 (x86-64) capable processor
  • A USB flash drive with a Linux livecd burned (any should work, use the Gentoo Admin CD available here if in doubt)
  • A working internet connection that your target PC can access


Before continuing, it will be assumed that you:

  • Are currently booted into a Linux livecd
  • Have configured your UEFI firmware as mentioned in the requirements above.

With that out the way, its time to get started!

< Previous Home Next >