On Sat, Jun 02, 2012 at 01:05:53PM -0600, Chris Murphy wrote: > > On Jun 1, 2012, at 12:50 PM, Peter Jones wrote: > > > On 06/01/2012 01:22 PM, Chris Murphy wrote: > >> Is UEFI Secure Boot really the only way to prevent the problem it attempts to > >> solve, and if so, what about the plethora of BIOS hardware in the world > >> today, still even shipping as new systems? They're all unacceptably exposed? > >> Really? > > > > That's the position Microsoft has taken, yes. > > Do you share this position that Microsoft has taken? If not, why not? Do you think there are alternatives to UEFI Secure Boot - including a possible spec change? There are certainly a number of implementation details that could be changed that would make various things easier, and obviously we could do things that standardised user enrolment of keys, but I suspect any solution would end up looking broadly similar to this. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
