On Sat, Jun 25, 2022 at 4:14 PM Demi Marie Obenour <demiobenour@xxxxxxxxx> wrote: > > On 6/25/22 07:56, Roberto Ragusa wrote: > > On 6/19/22 22:54, Sharpened Blade via devel wrote: > > > >> Use unified kernel images by default for new releases. This can allow for the local installation to sign the kernel and the initrd, so the boot chain can be verified until after the uefi. > > > > How big is the demand for this kind of lockdown? > > As a since-last-century Linux user, I'm choosing Fedora > > exactly to NOT have all this signing/trusted boot > > complications on my systems and I do not see a reason > > to turn Fedora into Android (or, worse, iOS). > It’s necessary for secure boot to actually be meaningful in > practice. I expect that people who care about secure boot > will want this. I don't. I only care about secure boot enough to bootstrap a Free platform. Secure Boot is generally not designed as a tool to provide security unless you rip out all the certs and use your own exclusively. At that point, you can do whatever you want. Most PCs are poorly designed to handle doing this procedure, and it's too easy to accidentally break the computer entirely by doing so. It's just not worth it. I treat Secure Boot purely as a compatibility interface. We need to do just enough to get through the secure boot environment. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure