[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal for stage-1 boot loader for use with SecureBoot [Re: [Long] UEFI support]

On Thu, Jul 05, 2012 at 05:39:07PM -0700, Rick Thomas wrote:
> The fundamental problem we must solve is allowing the *user* to
> securely choose which OS she wants to install.

No. The user can disable secure boot.

>                                                 Whether that OS
> follows thru and verifies all its parts is between the user and the
> person or group who provided the OS (could be the user, herself, of
> course!)

No, this is not voluntary. If we get a loader signed by an external
entity, it have to fulfill the requirements, aka no execution of
unsigned code in the kernel.

> Would this work?  What have I missed?

You show a fundamental missinterpretation of the goals of secure boot. I
see nothing worth commenting on.


The man on tops walks a lonely street; the "chain" of command is often a noose.

Reply to: