On 06/01/2012 12:45 PM, Matthew Garrett wrote: > On Fri, Jun 01, 2012 at 06:16:37PM +0200, Kevin Kofler wrote: >> Adam Jackson wrote: >>> False. Quoting from Matthew's original post: >>> >>> "A system in custom mode should allow you to delete all existing keys >>> and replace them with your own. After that it's just a matter of >>> re-signing the Fedora bootloader (like I said, we'll be providing tools >>> and documentation for that) and you'll have a computer that will boot >>> Fedora but which will refuse to boot any Microsoft code." >> Removing the M$ key is not viable because the firmware on some peripheral >> hardware will be signed only with the M$ key. > "It may be a little more awkward for desktops because you may have to > handle the Microsoft-signed UEFI drivers on your graphics and network > cards, but this is also solvable. I'm looking at ways to implement a > tool to allow you to automatically whitelist the installed drivers." > We are all, Microsoft included, headed for signature-HELL. This is going to gum up the entire x86 hardware ecosystem to such a point and Microsoft will rue the day they ever dreamt up this nonsense. . -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
