Joe Zeff writes:
On 05/31/2012 01:15 PM, Javier Perez wrote:If I have to pay $99 to Microsoft in order to install my Free/Open Operating System...Whatever gave you that idea? Whoever wants to get the bootloader signed (either Fedora or RedHat) pays a one-time fee of $99, not the end users.
How big is the bootloader, in the bright universe of UEFI? Still 512 bytes?Whatever it is, someone should just sacrifice those 512 bytes, or however much it is, in the name of progress, and sign a bootloader that simply loads the real bootloder from the next set of disk blocks, and goes from there. After the pain of going from 63 sectors to 2048, a few more sectors couldn't be much worse.
Unless I'm missing some crucial fact, from this brou-ha-ha; this should end up covering all of FOSS, not just Linux, in perpetuity, for all future versions and revisions of whatever bootloaders become necessary in the future.
But, I just have this nagging feeling that it can't be this easy. The presumed purpose of this is to block bootloader viruses, right?
The more I think about it, the more I'm convinced that I'm right, and you won't be able just to have any arbitrary bootloader signed. Because if you sign a proxy bootloader, what's to stop a bootloader virus from just swiping it, dumping it into the boot sector, and just use it to bootstrap itself?
B.S.I'll be shocked if the Microsoft won't require, and audit any bootloader, that's submitted for signing, to only load an OS image that's signed by the another key, in the bootloader itself. Because, otherwise, signing the bootloader is utterly worthless.
Alternatively, you mean to tell me that $99 would've stopped whoever's behind Stuxnet, or Flame? Looks like those fellas were/are after a much, much larger payoff, and $99 would be chump-change.
So, I hate to be the bearer of bad news, but I just can't believe that it's as simply a matter of paying $99 once, no matter what your submitted bootloader does, or doesn't do.
Watch, wait, and see.Furthermore, what about the opposite? Wouldn't, as part of this scenario, Microsoft require the hardware's firmware to be signed by Microsoft's key, in turn, and have Windows' bootloader check that? That seems to be more likely. I'm sure VMWare would just love that – Microsoft taking care of their FOSS competition, KVM, for them.
Attachment:
pgpoCp4YCZ5fE.pgp
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org