On 2014-07-07, Florian Weimer <fweimer@xxxxxxxxxx> wrote: > Note that Microsoft's current policy may not allow unrestricted > virtualization (KVM or Virtualbox—does not matter) because that "permits > launch of another operating system instance after execution of > unauthenticated code"—the wording is rather unclear. If Microsoft > clarifies that this is forbidden, a future Fedora update will remove > this functionality, so you will be forced to disable Secure Boot at this > point anyway if you want to continue to use virtualization. > Could you elaborate more what "unauthenticated code" is in this case? Is it a userspace tool for controlling in-kernel virtualization (e.g. qemu in case of KVM)? Because KVM as a kernel module is signed. If so, what if user uses pure user-space emulation (e.g. qemu). Either that imposes user space executables have to be signed too, or the unclarified statement lacks any meaningful purpose. -- Petr -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
