On 05/31/2012 05:47 PM, Adam Williamson wrote: > On Thu, 2012-05-31 at 16:31 -0400, Gerry Reno wrote: >> On 05/31/2012 04:26 PM, Gregory Maxwell wrote: >>> On Thu, May 31, 2012 at 4:19 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote: >>>> And I'd rather see a User-Controlled implementation rather than a Monopoly-Controlled implementation. >>> SecureBoot is (currently, on x86 but not arm) _also_ user-controlled. >>> The monopoly controlled is just the default. >> I guess what I am saying is a User-only controlled implementation. No monopoly implementation needed. > SecureBoot itself is exactly this. It specifies a framework. It just > says, basically, 'hey, if we sign all these bits then we have a trusted > boot path'. It doesn't state who should sign the bits. It doesn't care. > > It's Microsoft's Windows 8 Client labelling program that implements the > 'monopoly control'. That's the program which requires compliant hardware > to trust the Microsoft signing key. > > If you want to Opt Out Of The Monopoly, Man all you have to do is buy > hardware which doesn't comply with Microsoft's program and trust > Microsoft's key. Such hardware will exist. 99.,9% of x86 hardware is probably going to comply with this monopoly label program. Which means very limited hardware choices for those who want to opt-out. . -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
