On Thu, 2012-06-07 at 13:14 -0400, Przemek Klosowski wrote: > What is Fedora ARM planning to do about the upcoming Microsoft hardware > certification spec requiring Secure Boot? By the spec, there must be a > way to disable it on x86, but on ARM they expressly prohibit turning it > off. I guess the current Fedora/RedHat stance, as explained by Matthew > Garrett, is to obtain a MS certificate covering x86 and presumably ARM > kernels from Fedora, but this doesn't help respins and mods and even > custom kernels---more likely on ARM because of the its relative newness > and faster pace of development. > > People pointed out that MS hardware requirements for ARM don't have > anwhere near the market coverage/importance as in the x86 sector, so > they argue that it's OK to ignore the issue. Indeed, currently majority > of ARM hardware just doesn't care about MS, but Secure Boot is a > reflection of the industry trend seeking more security (*) so it's > conceivable that more digital signing is in ARM's future, too. > > So, what is the current thinking? What's to decide? There are no ARM machines where getting Fedora signed by someone else would improve our ability to boot, so why would we bother getting someone else to sign Fedora on ARM? If there are ARM machines where UEFI and Secure Boot are available, we're going to have tools to do your own trust database management anyway, so why would supporting them be any different from doing the same on x86? - ajax
Attachment:
signature.asc
Description: This is a digitally signed message part
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel