Re: the ghost of UEFI and Micr0$0ft

To: debian-user@lists.debian.org
Subject: Re: the ghost of UEFI and Micr0$0ft
From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
Date: Wed, 06 Jun 2012 21:56:07 +1000
Message-id: <[🔎] 4FCF4557.600@gmail.com>
In-reply-to: <[🔎] CAOdo=SyALgri4pLTfNivZhDR+LKDPo0jrhnjvwxzq+DtM=KmVg@mail.gmail.com>
References: <[🔎] CAO4+coYHYAghvJ=DtQXzSyLRX7KkRDWEy6p4ktZtoZR=Nf4mUg@mail.gmail.com> <[🔎] 1338883289.3371.6.camel@precise> <[🔎] 4FCE2D01.1090906@optonline.net> <[🔎] 20120605182626.7f21d335@ares.home.chubig.net> <[🔎] 4FCE3B09.50104@optonline.net> <[🔎] 20120605191855.3d0611ad@ares.home.chubig.net> <[🔎] 20120605180127.GJ6442@n0nb.us> <[🔎] CAOEVnYss7mXb_jNzh+nYyGAQAXsthdziwP18_+Q8F_jiSYu_Gw@mail.gmail.com> <[🔎] 20120606033536.GK4462@n0nb.us> <[🔎] 4FCEDA0B.8050601@gmail.com> <[🔎] CAOdo=SwSzVmtasgxYwmYhqAEmCWeeyV_Ew_4tG8S7rCq3zkjWg@mail.gmail.com> <[🔎] 4FCF2BB8.9070909@gmail.com> <[🔎] CAOdo=SyALgri4pLTfNivZhDR+LKDPo0jrhnjvwxzq+DtM=KmVg@mail.gmail.com>

On 06/06/12 20:47, Tom H wrote:
> On Wed, Jun 6, 2012 at 6:06 AM, Scott Ferguson
> <scott.ferguson.debian.user@gmail.com> wrote:
>> On 06/06/12 19:23, Tom H wrote:
>>> On Wed, Jun 6, 2012 at 12:18 AM, Scott Ferguson
>>> <scott.ferguson.debian.user@gmail.com> wrote:
> 
> 
>>>> ;consider also that Fedora has *not* said they won't be sharing the key
>>>
>>> They won't share their Secure Boot key in the same way that they don't
>>> share their RPM-signing key(s).
>>
>> I'm unable to find anything from the RedHat/Fedora community who
>> supports that assertion, and it's not supported by the article:-
>>
>> "Adopting a distribution-specific key and encouraging hardware companies
>> to adopt it *would have been hostile to other distributions*. We want to
>> compete on merit, not because we have better links to OEMs.
> 
> In this para, MG's saying that Fedora didn't want to buy a
> 99-dollar-key and have it loaded into the firmware of the hardware
> manufacturers who'd agree to do so.

I read that as "there was no realistic chance that we could get *all* of
them to carry it", and so they didn't. Tim Burke gives the same reasons.
Aside from legal reasons (I'm not sure how UEFI and the Debian
constitution fit) the only things stopping Debian from getting a key is
that not many manufacturers would use it - and it'd require resources to
manage and maintain, something better suited to a commercial enterprise.


> 
> 
>> An alternative was producing some sort of overall Linux key. It turns
>> out that this is also difficult, since it would mean finding an entity
>> who was willing to take responsibility for managing signing or key
>> distribution. That means having the ability to keep the root key
>> absolutely secure and perform adequate validation of people asking for
>> signing. That's expensive. Like millions of dollars expensive. It would
>> also take a lot of time to set up, and that's not really time we had.
>> And, finally, nobody was jumping at the opportunity to volunteer. So no
>> generic Linux key."
>>
>> Hardly "we don't want to share", more "we can't afford to"
> 
> In this para, he isn't discussing a Fedora 99-dollar-key purchased
> from Verisign, but a cross-distribution Linux key infrastructure
> similar to the one that Microsoft's developed/developing.

Two keys?
I read it as *one* key bought (from Verison) for $99 through the MS
sysdev portal that will be used to sign the first stage boot loader for
use on hardware "certified" to support Windoof 7?


Kind regards

-- 
Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding
answers to questions about Debian:-
https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/

Reply to:

Follow-Ups:
- Re: the ghost of UEFI and Micr0$0ft
  - From: Tom H <tomh0665@gmail.com>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Jon Dowland <jmtd@debian.org>

References:
- the ghost of UEFI and Micr0$0ft
  - From: Harshad Joshi <firewalrus@gmail.com>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Doug <dmcgarrett@optonline.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Claudius Hubig <debian_1206@chubig.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Doug <dmcgarrett@optonline.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Claudius Hubig <debian_1206@chubig.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Nate Bargmann <n0nb@n0nb.us>
- Re: the ghost of UEFI and Micr0$0ft
  - From: "Christofer C. Bell" <christofer.c.bell@gmail.com>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Nate Bargmann <n0nb@n0nb.us>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Tom H <tomh0665@gmail.com>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Tom H <tomh0665@gmail.com>

Prev by Date: Re: Any command to control the upload bandwidth of a running program
Next by Date: Re: the ghost of UEFI and Micr0$0ft
Previous by thread: Re: the ghost of UEFI and Micr0$0ft
Next by thread: Re: the ghost of UEFI and Micr0$0ft
Index(es):
- Date
- Thread