> Yes, but for that, the firmware will either need support from the OS it > secure-boots, to go out on the network, check for revocations, and upload > them into firmware; or the firmware itself must implement a bare-bones > network stack, initialize the onboard NIC, obtain a DHCP address, or load a > static IP config, then check for CRLs. The firmware already has this. > Before it boots the OS. Fine UEFI is a powerful enough base to be capable of supporting this. I don't know if anyone has implemented it, but you have a complete chain of keys to verify the request. In theory you can even do stuff like have the OS prove to the ISP that it's an approved signed OS so is permitted to use the internet. (no piracy tools installed etc) -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org