Re: Proposal for stage-1 boot loader for use with SecureBoot [Re: [Long] UEFI support]
On Thu, Jul 05, 2012 at 05:39:07PM -0700, Rick Thomas wrote:
> The fundamental problem we must solve is allowing the *user* to
> securely choose which OS she wants to install.
No. The user can disable secure boot.
> Whether that OS
> follows thru and verifies all its parts is between the user and the
> person or group who provided the OS (could be the user, herself, of
No, this is not voluntary. If we get a loader signed by an external
entity, it have to fulfill the requirements, aka no execution of
unsigned code in the kernel.
> Would this work? What have I missed?
You show a fundamental missinterpretation of the goals of secure boot. I
see nothing worth commenting on.
The man on tops walks a lonely street; the "chain" of command is often a noose.