On Wed, Apr 6, 2022 at 10:23 AM Justin Forbes <jmforbes@xxxxxxxxxxx> wrote: > > Apple and Microsoft signing NVIDIA's proprietary driver doesn't at all > > indicate Apple and Microsoft trust the driver itself. It is trusting > > the providence of the blob, in order to achieve an overall safer > > ecosystem for their users. > > > > We either want users with NVIDIA hardware to be inside the Secure Boot > > fold or we don't. I want them in the fold *despite* the driver that > > needs signing is proprietary. That's a better user experience across > > the board, including the security messaging is made consistent. The > > existing policy serves no good at all and is double talk. If we really > > care about security more than ideological worry, we'd sign the driver. > > At the very least, it would require that Fedora have a separate key > that is trusted and not the same one used for shim/grub/kernel. If Fedora is going to sign it, rather than improving the local signing experience, absolutely it should be signed with a separate key. The design should assume a revocation is going to happen at some point. > We > certainly aren't proposing that we use the standard Fedora keys to > sign a binary blob that runs in kernel space from a company who was > most recently hacked last month? No way. I don't think there's a mechanism for it, but I'd prefer Fedora sign the 3rd party's key rather than their binary. Maybe it's a small distinction at the end of the day. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
