Gregory Maxwell wrote:
> Create a pre-bootloader. If secureboot is enabled only permitting this
> boot because it's signed with the msft key, then display the most
> helpful instructions WRT secureboot we can display and then halt. If
> secureboot is not enabled, pass control to grub.
>
> This should meet the signing requirements and it removes the opacity
> without locking down any of Fedora. Such a bootloader should meet
> whatever requirements to get signed, since if secureboot is turned on
> it won't boot anything at all.

I'm not sure that the CA will be willing to sign something that says "Secure" Boot is evil and needs to be disabled.

And anyway, I think there's no point in doing this; a generic "boot failed" or silent fallback to another OS (one of which is what the firmware is going to do) is sufficient.

Kevin Kofler