Re: future of dual booting Windows and Fedora, redux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Jul 29, 2022 at 01:52:28PM +0200, Florian Weimer wrote:
> * Daniel P. Berrangé:
> 
> >> Unfortunately, Fedora promoted this broken model with pervasive
> >> cross-distribution/cross-OS trust as well.  People are generally quick
> >> to criticize those who control a PKI, but very few organizations are
> >> willing to step up to hold the key material for the key of last resort
> >> because of the risk inherent to that.  Consequently, pretty much all
> >> distributions hide behind the Microsoft key, instead of running their
> >> own PKI and working with OEMs to get it accepted by the firmware.
> >
> > Would the situation actually be any different in that case ? Assume
> > an alternate reality where hardware OEMs magically agreed to pre-install
> > 20 different keys for the various Linux vendors.
> >
> > You still have the same "problem" that you're running 1 specific vendor's
> > OS, but your firmware trusts the software from countless different
> > unrelated vendors for SecureBoot.
> 
> No, in this model, if you buy a Fedora server, it only boots Fedora
> until manual intervention.  I don't think this is a problem because
> Secure Boot with that very open signing policy is not very far from
> disabled Secure Boot.

Ah, so you mean getting the OEMs to preload the Linux OS distro
of choice, not merely preloading a distro's SecureBoot keys. 


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux