Re: [Long] UEFI support

To: debian-devel@lists.debian.org
Subject: Re: [Long] UEFI support
From: Tanguy Ortolo <tanguy+debian@ortolo.eu>
Date: Mon, 9 Jan 2012 16:29:12 +0000 (UTC)
Message-id: <[🔎] jef4ko$9cl$1@dough.gmane.org>
References: <[🔎] je7174$b6p$1@dough.gmane.org> <[🔎] 20120107000815.GC23208@virgil.dodds.net> <[🔎] 20120109140414.GA4517@dream.aleph1.co.uk>

Wookey, 2012-01-09 15:04+0100:
> I assume evyone here is aware of mjg's useful posts about the issue of
> key-management in UEFI secure boot?
> 
> We need to do one of:
> 
> * get our bootloaders signed by something like the 'linuxfoundation key'
> if such a thing gets widely installed, 
> * explain to users how to get the 'debian key' installed
> * explain to users how to turn off secure boot.
> * Get manufacturers to put the Debian key in machines for sale (or
>  just make them with Debian(or a deriviative) pre-installed.

Just as a reminder, we must be aware that GRUB images are generated
locally on each host. Thus every user would have to have the secret key
to sign their boot loader image.

-- 
 ,--.
: /` )   Tanguy Ortolo <xmpp:tanguy@ortolo.eu> <irc://irc.oftc.net/Tanguy>
| `-'    Debian Developer
 \_

Reply to:

Follow-Ups:
- Re: [Long] UEFI support
  - From: Iustin Pop <iustin@debian.org>

References:
- [Long] UEFI support
  - From: Tanguy Ortolo <tanguy+debian@ortolo.eu>
- Re: [Long] UEFI support
  - From: Steve Langasek <vorlon@debian.org>
- Re: [Long] UEFI support
  - From: Wookey <wookey@wookware.org>

Prev by Date: Re: Bug#655230: ITP: pushkey -- ITP: pushkey - Pushes your ssh key to a remote location. It tries to create a .ssh folder remotley then it adds your ssh key to authorized_keys.
Next by Date: Re: [Long] UEFI support
Previous by thread: Re: [Long] UEFI support
Next by thread: Re: [Long] UEFI support
Index(es):
- Date
- Thread