Re: Need more info: UEFI Secure Boot in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 05/31/2012 03:31 AM, Alan Cox wrote:

       If there are better options then we haven't found them. So, in all
probability, this is the approach we'll take. Our first stage bootloader
will be signed with a Microsoft key.

Why sign it at all. Also if the boot loader was signed it wouldn't be
allowed to load anything else unsigned at OS level or allow users to
install device drivers which might then take privileged control of the
system. So goodbye Nvidia driver for example. It also takes you into the
question at that point of whether a signed kernel with no key violates
GPLv2, which seems quite possible.

I read Matthew Garrett blog and he is leading towards implementing
signing the first bootloader with an ms key. Was not aware of the
negtivity by doing that can bring.

garretś blog:
http://mjg59.dreamwidth.org/12368.html

will I need to pay $99 to use linux,etc.  what about other distros?
I know will be speculating at this point but wondering what could be the
reprecussions if this method is taken?

The most recent state of affairs appears to be that for x86 (but *not*
at the last checkj ARM) devices it's a requirement of the windows 8 logo
and "secure" boot that it can be disabled just as things like the TC can.

Then i should be not be concerned.


What is needed then is to make sure its well documented and standardised
how people turn it off. This isn't just a Linux thing, its an old windows
thing, its a DOS thing, its a BSD thing, etc

As an end user the most effective thing anyone can do faced with a board
that has secure boot and it's not immediately obvious how to disable it
is to email and phone the suppliers tech support and pursue them
repeatedly until they give an answer. That will generally speaking exceed
their profit margin on the board by quite a bit so will make them very
keen to document it clearly for future users.

Alan



Thanks for the reply and clearing the confusion.
and to make sure future boards i buy lets users disable secure boot.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux