On Mon, Jun 25, 2012 at 2:37 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
> I'm reading they're going to use a modified Intel efilinux, not writing a new boot loader. And that they will not require either signed kernel or kernel modules.

That's my understanding.

> So what's the point of Secure Pre-Boot?

Making Ubuntu work on the hardware people have. Which is the justification given here why Fedora needed to adopt cryptographic signing of the kernel/drivers/etc. I think this all would have been a much simpler matter if it wasn't being described as essential for keeping Fedora operable on the computers of the common folk.

Of course, users who want more aggressive secureboot would be free to replace the keys in their system with ones which only sign bootloaders which are more thoroughly locked down… but I don't see evidence of the demand. (Can you point to some?)

> I think for at least 9 months now the idea of a strictly pre-boot implementation of Secure Boot is possible, but meaningless to the point of "WTF, why bother?" with the effort required. It's like building a bridge that's 80% complete, and therefore 100% useless.

And the kernel hands off control to an init/systemd which is unsigned— which can be rooted and exploit a vulnerable kernel to prevent updates. It's like building a bridge that is _10%_ complete, and therefore 100% useless. :) … the amount of critical userspace code that runs before updates can be processed is enormous and the kernel and bootloader are just a tiny fraction of that.

> Why not build the 100% bridge that actually provides a remotely secured platform?

Because it's incompatible with software freedom. Central control is Microsoft's strength, not Fedora's.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel