On Tue, 5 Jun 2012 12:07:00 -0700 (PDT) Antonio Olivares <olivares14031@xxxxxxxxx> wrote: > > Supposing your OEM isn't abusing his powers and respects > > Microsoft's requirements if it's an x86 platform, you should > > be able to add your own key in the firmware, which will be > > used to verify the boot loader. If this thing is well > > designed (I assume it is), you won't have to flip a single > > bit on the boot loader and certainly not rebuild it > > (provided it does support secure boot in the first place). > > I am trying to understand the pros and cons in the arguments here, > but I am just a mere mortal so I will ask what I don't understand. > > 1) Red Hat will pay $99 to each OEM that exists in order to boot > Fedora 18 which should come out in parallel when windows 8 comes out? No. The $99 is a one time fee to verisign. Under this plan (which has not been approved or agreed on yet), Fedora would pay the fee for itself and get it's bootloader shim signed by the MS key. This shim would have the Fedora keys in it to check and only boot Fedora signed grub2 and kernel. Fedora (or things using it's shim/grub2/kernel) would boot out of the box on secure boot enabled hardware. > 2) Secure boot could be disabled in the bios and one could bypass the > pile of M$ crap? Yes. You can disable secure boot in the firmware. You can also remove MS keys and replace them with your own and use Secure boot. > 3) Other OSes also have to boot, since Red Hat has/is/will be paying > $99 to M$/other company to be able to safely boot Fedora, they can > just mimick Fedora's bootup|kernel parameters and not pay to securely > boot? If the "Other OS" ships and uses Fedora's bootloader shim, grub2, and kernel, then yes, it will just boot. If they modify these or have their own, it will not. They can also pay $99 to get access to the Microsoft sysdev portal, and get their boot shim signed by MS, then it will work in secure boot mode. > 4) an other page that explains some of this, I don't know if has been > mentioned here is > > http://mjg59.dreamwidth.org/12368.html > > It has some explanations, but the topic is still difficult to > understand and I would have to agree with the suggestions others have > shared here in this thread. Only time will tell how this issue will > be affected once we get there. yeah, he did a good writeup, but lots of people seem to not understand all the issues here. kevin
Attachment:
signature.asc
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org