Re: Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> > Verisign is somehow involved since they will receive the payments;  and they  
> > are arguably less biased).  Microsoft/Verisign currently ask $100 for the  
> > signatures.  Every time an attacker's malware is detected and blacklisted,  
> > it would have to pay $100 to a trust broker to get a new signature.
> 
> And how exactly would a piece of hardware would have the ability to revoke a  
> certificate?

Its a feature of the hardware design. It was designed into the UEFI
secure boot set up from the start for the same reasons a web browser
needs to be able to revoke keys.

> I do not recall anyone mentioning any OEM that will enable a user to install  
> their own bootloader signing keys, alongside with Microsoft's.

> Can you point me to any OEM that indicated that they will make hardware that  
> implements user-installed keys?

Hopefully there will be enough of an explosion that this changes but it
will probably depend upon competition regulators and lobbying from
supportive politicians in the EU.

> As I said, I've opened a betting pool. Initially, I bet 1,000 quatloos that  
> Fedora's bootloader will not be signed a year down the road, after this  
> whole circus gets running.

If Red Hat have any sense they will take up the offers to get their key
into as many BIOSes as they can and sign with both. That way Microsoft
can't screw them over later even if they want to.

> You really think that any OEM will fight this? Why should they?

If it hurts their business for one, and in order not to be considered
part of a cartel may be another (as whistle blowing a cartel usually
mostly exempts you from damages for it...)

But yes they are in a very tight spot and have this to juggle with and
the fact that there are predictions the Android device market is about to
turn them into the next Nokia.

Alan

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux