> If there are better options then we haven't found them. So, in all > probability, this is the approach we'll take. Our first stage bootloader > will be signed with a Microsoft key. Why sign it at all. Also if the boot loader was signed it wouldn't be allowed to load anything else unsigned at OS level or allow users to install device drivers which might then take privileged control of the system. So goodbye Nvidia driver for example. It also takes you into the question at that point of whether a signed kernel with no key violates GPLv2, which seems quite possible. > will I need to pay $99 to use linux,etc. what about other distros? > I know will be speculating at this point but wondering what could be the > reprecussions if this method is taken? The most recent state of affairs appears to be that for x86 (but *not* at the last checkj ARM) devices it's a requirement of the windows 8 logo and "secure" boot that it can be disabled just as things like the TC can. What is needed then is to make sure its well documented and standardised how people turn it off. This isn't just a Linux thing, its an old windows thing, its a DOS thing, its a BSD thing, etc As an end user the most effective thing anyone can do faced with a board that has secure boot and it's not immediately obvious how to disable it is to email and phone the suppliers tech support and pursue them repeatedly until they give an answer. That will generally speaking exceed their profit margin on the board by quite a bit so will make them very keen to document it clearly for future users. Alan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
