On Mon, Jun 18, 2012 at 09:26:23AM -0400, Seth Johnson wrote: > On Mon, Jun 18, 2012 at 8:59 AM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote: > > You're still not making it clear what you want. Hardware without secure > > boot? Hardware with secure boot but a different default policy? Hardware > > with free firmware that may or may not have secure boot enabled by > > default? > > Write a new UEFI. No need for a shim. Peter stated what the free > software UEFI on its own hardware should support: "disable Secure Boot > or use your own chain of trust." Plus, because you appear to be > motivated to buy a shim for this reason, write the UEFI so it does not > make it scary to install in any configuration you use as the empowered > owner of the device. Like I said before, the existing UEFI implementations on the existing hardware will support "Disable Secure Boot or use your own chain of trust". If you're asking for the ability to install Linux without requiring signed binaries then presumably you just want a UEFI implementation that doesn't enforce secure boot by default? Those exist already, without needing to write a new implementation. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
