On 09/06/12 19:34, drago01 wrote: >> Is that actually true though? >> > >> > If Fedora does not implement some form of Secure Boot support, 100% of >> > Fedora users will still be able to install Fedora on new machines, after >> > they disable Secure Boot, if their computer even has it at all (and >> > personally, I think the majority of Fedora users will simply buy >> > hardware which does not have Secure Boot). I know I would. > No because some users in don't know what a firmware is and can't/don't > want to fiddle with it. Except it won't be that hard. We say "firmware" but it's the interface we're talking about. It'll be just like going into the BIOS and setting the boot order, date, or turning on hardware virtualisation support. We're not talking about flashing firmware, running commands or anything like that. >From Microsoft: "17. MANDATORY. On non-ARM systems, the platform MUST implement the ability for a physically present user to _select between two Secure Boot modes in firmware setup_: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following: a) It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx) which will put the system into setup mode." So the graphical interface will present a choice to the user and will be as simple as changing Secure Boot to custom mode. Just look up the manual for something like Asus P8P67 mainboard which has UEFI (granted probably no Secure Boot yet) to see what a UEFI interface can look like. It's going to be a piece of cake. In fact, loading signatures will probably also be very easy - most likely import from a USB stick or media device of some kind. > Making installation harder for the less experienced users does not > make sense to me. > Sure and I'm all for making things easier. I don't have a problem with Fedora shipping with Secure Boot support, I'm saying that I don't think it's as big a deal as everyone's making it out to be. In my opinion the setting for Secure Boot will probably be no more difficult that setting the default boot order in a BIOS (something you have to do to boot install media). >> > Now, if there was an inability to disable Secure Boot or manage keys >> > then that would be a different kettle of fish (and in my mind a >> > different argument). > That is a more controversial part but IMO but if you have the choice > of running fedora with some restrictions vs. not running fedora at all > ... > I'd got for the former ... > Yeah, but that's _not_ the choice at all (which is kind of my point). Your choice is between running Fedora in Secure Boot mode or running Fedora completely unhindered with Secure Boot in custom mode. "Not at all" never enters the picture. -c -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
