Re: [RFC] Second attempt at kernel secure boot support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Florian Weimer <fw@xxxxxxxxxxxxx>
Subject: Re: [RFC] Second attempt at kernel secure boot support
From: Chris Friesen <chris.friesen@xxxxxxxxxxx>
Date: Tue, 06 Nov 2012 09:14:14 -0600
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>, Matthew Garrett <mjg59@xxxxxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Eric Paris <eparis@xxxxxxxxxxxxxx>, Jiri Kosina <jkosina@xxxxxxx>, Oliver Neukum <oneukum@xxxxxxx>, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>, Josh Boyer <jwboyer@xxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx
In-reply-to: <878vafqi5q.fsf@mid.deneb.enyo.de>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111108 Fedora/3.1.16-1.fc14 Lightning/1.0b3pre Thunderbird/3.1.16

On 11/06/2012 01:56 AM, Florian Weimer wrote:

Personally, I think the only way out of this mess is to teach users
how to disable Secure Boot.

If you're going to go that far, why not just get them to install aRedHat (or SuSE, or Ubuntu, or whoever) key and use that instead?

Secure boot does arguably solve a class of problems, so it seems a bitodd to recommend just throwing it out entirely.


Chris
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Florian Weimer
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Jiri Kosina

References:
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Matthew Garrett
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Eric W. Biederman
- Re: [RFC] Second attempt at kernel secure boot support
  - From: H. Peter Anvin
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Eric W. Biederman
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Matthew Garrett
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Eric W. Biederman
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Matthew Garrett
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Eric W. Biederman
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Matthew Garrett
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Eric W. Biederman
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Matthew Garrett
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Eric W. Biederman
- Re: [RFC] Second attempt at kernel secure boot support
  - From: Florian Weimer

Prev by Date: Re: [PATCH] x86/EFI: additional checks in efi_bgrt_init()
Next by Date: Re: [RFC] Second attempt at kernel secure boot support
Previous by thread: Re: [RFC] Second attempt at kernel secure boot support
Next by thread: Re: [RFC] Second attempt at kernel secure boot support
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]