On Sat, Jun 2, 2012 at 12:36 PM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > Per spec the machine simply falls back to attempting to execute the next > entry in the boot list. An implementation may provide some feedback that > that's the case, but there's no requirement for it to do so, so it's > perfectly valid for it to just fall back to booting Windows with no > notification. If the issue were just the opaque and unpredictable behavior on failure this could be addressed without signing any of the distribution proper. Create a pre-bootloder. If secureboot is enabled only permitting this boot because it's signed with the msft key, then display the most helpful instructions WRT secureboot we can display and then halt. If secureboot is not enabled, pass control to grub. This should meet the signing requirements and it removes the opacity without locking down any of Fedora. Such a bootloader should meet whatever requirements to get signed, since if secureboot is turned on it wont boot anything at all. I strongly encourage this mode to be created and included with Fedora even if goes down the route of locking down the operating system... so when people do replace their bootloaders/kernels they're not just stuck booting into windows or getting a black screen. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
