> Thanks for the reply and clearing the confusion. > and to make sure future boards i buy lets users disable secure boot. By far the best idea. As a kernel rights holder I question the legality of Matthew's proposal, and it would be amusingly unfortunate if the Software Conservancy ended up beginning some of its Linux enforcement against Fedora. The other source of machines is of course going to be Google chromebooks and the like. They don't have a windows tax on them in the first place and have a developer switch. In fact in many ways the chromebooks and the like work the way it appears the secure boot stuff will ultimately work. If supplied as a system you would need to perform a specific incantation that demonstrates you are physically present and intend to unlock the device. That part of things is actually quite sensible - it means you can give a box to a random end user who doesn't want to do anything clever with it and the lock is a value, but the unlock can be done. What is much more evil is that the EFI scheme is engineered so that - the mechanism for unlocking is not defined but will vary by device - the process of getting keys into BIOSes is sufficiently fragmented and convoluted that in effect Microsoft own the keys. This stops you locking the device down with your own key. There is some hope the BIOS vendors will at least get their act together a bit on the former, if only to avoid the support calls and board returns killing them. With the wafer thin margins they have they simply cannot afford to have customers returning systems due to poor documentation. Alan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
