Thibault Nélis writes:
On 06/02/2012 10:19 PM, Sam Varshavchik wrote:But I thought that this was the plan of action, isn't it? Sign a shim that boots Fedora. Presto, secured boot, with Microsoft's blessing. So, did you just change your mind, and realize that: 1) It makes no sense, and 2) Microsoft is not going to sign a shim that will boot an arbitrary Linux kernel, which can be trivially used to bypass the protection that a secured boot offers to their non-free OS?We're really talking about different things here I believe; from my point of view, I see you asking the question "When will a universal key that can boot any kernel?" in a very rhetorical way, as in, it will never happen because either the system is broken or Microsoft won't allow it (I'm not sure what you meant exactly, but I'm pretty sure it's one of those, correct me if I'm wrong).
Both; but mostly the fact that Microsoft will not allow it.
However, I argue that asking the question is a little wrong; if such a key would exist, secure boot would lose its purpose, and thus we shouldn't even desire such a key. But I'm kind of certain that you understand that very well already, which is why I'm out of words.
Precisely. Gee, and I thought that I was running Linux because I am able to boot any kernel that I feel like.
But then, the argument goes that you will have the ability to install your own firmware key, and sign the kernel.
But, it's painfully obvious to me, that this will never happen, to any noteworthy degree. I have very little doubt that empty promises in Microsoft's own documentation, that's cited as alleged proof that firmware will retain the ability to accept other keys, are utterly bogus. It's not going to happen.
Even without malware being a factor, a signed secure boot of Linux will be able to bootstrap another non-free OS, bypassing its secure boot. I repeat: a truly secure boot for a non-free OS is logically impossible as long as secure boot is still possible for a free OS, on the same hardware. There's no need for any malware to be involved. The core definition of free OS as one that lets you do whatever with your hardware and software. This logically prevents a secure boot of a non-free OS, where that does not hold true.
Anyone can spin this until tomorrow, but this is something fundamental, that no amount of spin and talk can change. Microsoft isn't stupid. They know this. Which is why, ultimately, you will not be able to boot a free OS on the same hardware that is capable of booting Microsoft's OS. All that jazz about alternate keys is just magician's smoke and mirrors aimed to misdirect the dumb audience.
Attachment:
pgp0r9ZLu5g0Z.pgp
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
