On Thu, 2012-05-31 at 16:31 -0400, Gerry Reno wrote: > On 05/31/2012 04:26 PM, Gregory Maxwell wrote: > > On Thu, May 31, 2012 at 4:19 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote: > >> And I'd rather see a User-Controlled implementation rather than a Monopoly-Controlled implementation. > > SecureBoot is (currently, on x86 but not arm) _also_ user-controlled. > > The monopoly controlled is just the default. > > I guess what I am saying is a User-only controlled implementation. No monopoly implementation needed. SecureBoot itself is exactly this. It specifies a framework. It just says, basically, 'hey, if we sign all these bits then we have a trusted boot path'. It doesn't state who should sign the bits. It doesn't care. It's Microsoft's Windows 8 Client labelling program that implements the 'monopoly control'. That's the program which requires compliant hardware to trust the Microsoft signing key. If you want to Opt Out Of The Monopoly, Man all you have to do is buy hardware which doesn't comply with Microsoft's program and trust Microsoft's key. Such hardware will exist. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
