(I'm posting in this thread rather than starting a new one in order to respect people who've spam-canned it) It is being widely reported that Canonical's be signing the kernel, they won't be requiring signed drivers, and won't be restricting runtime functionality while securebooted. What is being claimed is that the only thing they'll be restricting is the bootloader and they're going to write a new bootloader for this in order to avoid signing code written by third parties. This seems a bit incongruent with many of the claims made here about the degree of participation with cryptographic lockdown required and the importance of it. I feel like the entire discussion has been a bit unfair where people were repeatedly challenged to offer alternatives when things claimed to be impossible based on NDAed discussions are, apparently, actually possible and the remaining weak alternatives were discarded as not being usable enough. [1] http://www.h-online.com/open/news/item/Canonical-details-Ubuntu-UEFI-Secure-Boot-plans-1624444.html -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
