[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Long] UEFI support

Wookey, 2012-01-09 15:04+0100:
> I assume evyone here is aware of mjg's useful posts about the issue of
> key-management in UEFI secure boot?
> We need to do one of:
> * get our bootloaders signed by something like the 'linuxfoundation key'
> if such a thing gets widely installed, 
> * explain to users how to get the 'debian key' installed
> * explain to users how to turn off secure boot.
> * Get manufacturers to put the Debian key in machines for sale (or
>  just make them with Debian(or a deriviative) pre-installed.

Just as a reminder, we must be aware that GRUB images are generated
locally on each host. Thus every user would have to have the secret key
to sign their boot loader image.

: /` )   Tanguy Ortolo <xmpp:tanguy@ortolo.eu> <irc://irc.oftc.net/Tanguy>
| `-'    Debian Developer

Reply to: