On Fri, Jun 01, 2012 at 06:16:37PM +0200, Kevin Kofler wrote: > Adam Jackson wrote: > > False. Quoting from Matthew's original post: > > > > "A system in custom mode should allow you to delete all existing keys > > and replace them with your own. After that it's just a matter of > > re-signing the Fedora bootloader (like I said, we'll be providing tools > > and documentation for that) and you'll have a computer that will boot > > Fedora but which will refuse to boot any Microsoft code." > > Removing the M$ key is not viable because the firmware on some peripheral > hardware will be signed only with the M$ key. "It may be a little more awkward for desktops because you may have to handle the Microsoft-signed UEFI drivers on your graphics and network cards, but this is also solvable. I'm looking at ways to implement a tool to allow you to automatically whitelist the installed drivers." -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
