Desktop and laptop PCs designed to run Windows will now only run a boot loader signed by Microsoft or by their manufacturer, unless manually reconfigured. Several Linux distributions now include the necessary chain of signed code, but for various reasons Debian has been slow to do so. I explain some of the difficulties and how we’re finally supporting UEFI Secure Boot – not only on PCs but also on some ARM-based systems.
Ben Hutchings
Slides (odp)debian-secure-boot
Slides (pdf)kr2016-debian-secure-boot