On Mon, Jun 18, 2012 at 01:00:33AM -0400, Seth Johnson wrote: > On Mon, Jun 18, 2012 at 12:58 AM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > > On Mon, Jun 18, 2012 at 12:54:56AM -0400, Seth Johnson wrote: > > > >> But the best thing is that a free software UEFI would let anybody put > >> their own key as hardware root, and this would stymie the > >> rationalizing of big shots holding root and granting signing services > >> to their hardware. > > > > All UEFI implementations we're aware of will be shipping with support > > for replacing all the secure boot keys, including Pk. UEFI itself is > > also entirely free software, although specific implementations may not > > be. > > > Then write a better UEFI. No need for a shim. The machine will have a functional UEFI implementation. Why would we want to replace it? -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
