The Debian distribution tends to be conservative in nature and the project takes its time when adopting new features. The Debian developers have been considering support for UEFI's Secure Boot feature for a while now. Secure Boot is designed to prevent untrusted software from loading on the system at boot time and requires low-level software to be signed by a trusted authority. "The commonly-used approach of signing the kernel image creates some problems for Debian, though. The project's practice with signatures has been to sign metadata describing software, never the code itself. Debian does not want to put signing keys onto its 'buildd' systems; those systems are distributed around the globe and present any number of ways in which the keys could be exposed. Debian is also committed to reproducible builds, which cannot depend on secrets (or they would no longer be reproducible). As a result, Debian cannot automatically build signed kernel binaries in a single step." This LWN article goes into the issues Debian faces when implementing Secure Boot support and how the project is dealing with the challenges.
Star Labs - Laptops built for Linux.
View our range including the Star Lite, Star LabTop and more. Available with a choice of Ubuntu, Linux Mint or Zorin OS pre-installed with many more distributions supported. Visit Star Labs for information, to buy and get support.