Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 6, 2022 at 12:04 AM Gary Buhrmaster
<gary.buhrmaster@xxxxxxxxx> wrote:
>
> On Wed, Apr 6, 2022 at 12:59 AM Demi Marie Obenour
> <demiobenour@xxxxxxxxx> wrote:
> >
> > On 4/5/22 19:38, Chris Murphy wrote:
> > > We either want users with NVIDIA hardware to be inside the Secure Boot
> > > fold or we don't. I want them in the fold *despite* the driver that
> > > needs signing is proprietary. That's a better user experience across
> > > the board, including the security messaging is made consistent. The
> > > existing policy serves no good at all and is double talk. If we really
> > > care about security more than ideological worry, we'd sign the driver.
> >
> > I agree with this.  Sign the driver.
>
> Nvidia has their driver signed for their
> Windows drivers.  That they choose
> not to do so for Linux is their right,
> even if some wish they did.
>
> It should be noted that while many
> might wish nvidia chose a different
> way, that is completely orthogonal
> to bios vs uefi.

Linux, like Windows, requires the distribution vendor to sign modules
for automatic trust. There are a number of complicated issues that
make it difficult for us to sign this particular driver, though.
Notably, NVIDIA themselves acknowledges that it infringes on the GPL
to redistribute built kernel module blobs of nvidia.ko[1], so that means
any method of signing it needs to be done locally, which means we
*need* the local signing path to be improved.

[1]: https://imgur.com/LUCQ3WW




--
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux