[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal for stage-1 boot loader for use with SecureBoot [Re: [Long] UEFI support]

On Fri, 6 Jul 2012, Rick Thomas <rbthomas@pobox.com> wrote:
> We need a "stage-1" boot loader, signed by somebody trusted (FSF?
> SFLC?) with a key that will be recognized by the SecureBoot BIOS.
> This is an un-changable binary blob, so it can't be GPL (is this a
> problem?)

There is no reason why GPL source can't be used for an unchangable binary.  As 
long as the source is supplied then it's not a problem.

Every Debian package is an unchangable binary, we don't change binaries we 
just replace them with newer versions.

There is a huge range of embedded devices with the Linux kernel (and other GPL 
software) in ROM which almost never get updated.  A Linux kernel in a mobile 
phone which has a locked boot loader is no different in terms of license from 
a secure boot loader under the GPL.

Using GPL licensed software to enforce signature checks is not a problem 
either.  We have GPG (and many other programs) for checking signatures and 
doing encryption and we have SE Linux (and many other options) for access 
control.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
Reply to: