On 06/01/2012 07:56 PM, Kevin Kofler wrote:
Peter Jones wrote:
We don't know what all firmwares' UI's will look like, and it's possible -
even somewhat reasonable - that instead of "enable secure boot [X]" some
vendors would implement it, for example, as "[remove trusted key]" or
possibly a combo box with options ["user mode", "setup mode", "custom
mode"]. Those are all examples that are relatively likely.
We'll just have to wait for it and provide according instructions when it
happens.
Agreed. And again - I do think there's value in documenting how to disable
secure boot, and how to enable it with your own keys. That's been part of
the plan all along. That's one reason I've been writing tools for the latter
part - https://github.com/vathpela/pesign .
But I also think it's important for our distro to work out of the box on
new computers without having to do that. If we don't have that, people will
simply walk away.
To say nothing of what apple would implement if they decide to ship SB
(though they don't use the windows 8 logo, so there's every chance they'd
ship their own keys, ship with no way to turn it off, or both.)
In that case, your plan relying on M$'s key might not be of any more help
for Apple machines than mine.
Yes, that was my point.
--
Peter
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
