Re: Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thibault Nélis writes:


On 06/02/2012 04:34 AM, Sam Varshavchik wrote:

Well the math doesn't compute here, it's cryptographically impossible.
I mean you could sign a shim that won't verify the integrity of the boot


There you go.
Look I can't really go on on that. You seem to imply that this is a bad thing. I simply say that it doesn't make sense to want this in the first place. I don't know what to say.
But I thought that this was the plan of action, isn't it? Sign a shim that boots Fedora. Presto, secured boot, with Microsoft's blessing. 

So, did you just change your mind, and realize that:

1) It makes no sense, and
2) Microsoft is not going to sign a shim that will boot an arbitrary Linux kernel, which can be trivially used to bypass the protection that a secured boot offers to their non-free OS? 

?


Actually, it makes perfect sense. This is analogous to client
certificate verification with TLS.


mean it's not even a real catch-22, you won't ever boot the kernel
before the firmware, so this is a non-issue.


You need to put yourself into Microsoft's frame of mind.

They're going in the direction of OEMs locking down their firmware to
booting only Microsoft OSes. Now, the other shoe drops. In turn, some
future Microsoft OS release will only boot on firmware that's signed by
Microsoft's key. If it's not, the OS will refuse to boot, displaying a
soothing message to the user that their hardware is incompatible.

To make it compatible, OEMs will have to pay the same $99 fee for
Microsoft to sign their firmware.

Now you get it?


Yes, you're right, it does make sense.  That would be considered blackmail


Somehow, I don't think they'd care how it's called, on this mailing list.
though, at least if these OEMs don't have the option to abandon Microsoft to sell their products to competitors. Could they even get away with it? 

Who would stop them?
Anyway, this would only affect OEMs and Windows users who want to install their copy of Windows on machines they assemble themselves (or in any way non-approved by Microsoft).
Which includes install into a virtual machine that did not pay the Microsoft tax. That would include KVM. 


                             Do we really care about them?
Well, in the same way you'd care about someone sitting on the side of the road, all bloodied up, next to flaming, smoking wreck. You don't know them. They're of no personal interest to you. Still, as a human being, you would care somewhat. Maybe just a little. That's one of the things that makes you human.

Attachment: pgplHAwSTNw6j.pgp
Description: PGP signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux