[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: EFI in Debian

On Fri, Jul 06, 2012 at 10:14:01AM +0200, Josselin Mouette wrote:
> Le vendredi 06 juillet 2012 à 05:32 +0100, Ben Hutchings a écrit : 
> > 1. General consensus in the project that supporting the option of Secure
> > Boot, including purchase of a Microsoft-signed certificate, is
> > worthwhile and not entirely objectionable.  

> Not entirely objectionable indeed, but it really depends on what we
> would have to pay for.  As long as it is only covering for
> administrative costs of Microsoft emitting a new certificate, it is
> fine.

Microsoft has indicated their intent to provide the Secure Boot CA services
free of charge.  AIUI the only associated fee is to a third party, Verisign,
for them to provide the service of establishing digital identity to
Microsoft's standards.

> If OTOH we have to pay a fee just for our software to work on platforms
> that just happen to be using Microsoft’s certificate, this is clearly
> abusive.  I would object to do so, and I believe we would (at least in
> Europe) have a very strong case in court against such practice.

Note that the Windows 8 requirements stipulate that users must in all cases
retain the ability to disable Secure Boot on their x86 systems from the
firmware.  It's really a question of ease of installation, and whether
Secure Boot provides any additional security protection that we think it's
worth providing to Debian users out of the box.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: