[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: the ghost of UEFI and Micr0$0ft

On 06/06/12 20:47, Tom H wrote:
> On Wed, Jun 6, 2012 at 6:06 AM, Scott Ferguson
> <scott.ferguson.debian.user@gmail.com> wrote:
>> On 06/06/12 19:23, Tom H wrote:
>>> On Wed, Jun 6, 2012 at 12:18 AM, Scott Ferguson
>>> <scott.ferguson.debian.user@gmail.com> wrote:
>>>> ;consider also that Fedora has *not* said they won't be sharing the key
>>> They won't share their Secure Boot key in the same way that they don't
>>> share their RPM-signing key(s).
>> I'm unable to find anything from the RedHat/Fedora community who
>> supports that assertion, and it's not supported by the article:-
>> "Adopting a distribution-specific key and encouraging hardware companies
>> to adopt it *would have been hostile to other distributions*. We want to
>> compete on merit, not because we have better links to OEMs.
> In this para, MG's saying that Fedora didn't want to buy a
> 99-dollar-key and have it loaded into the firmware of the hardware
> manufacturers who'd agree to do so.

I read that as "there was no realistic chance that we could get *all* of
them to carry it", and so they didn't. Tim Burke gives the same reasons.
Aside from legal reasons (I'm not sure how UEFI and the Debian
constitution fit) the only things stopping Debian from getting a key is
that not many manufacturers would use it - and it'd require resources to
manage and maintain, something better suited to a commercial enterprise.

>> An alternative was producing some sort of overall Linux key. It turns
>> out that this is also difficult, since it would mean finding an entity
>> who was willing to take responsibility for managing signing or key
>> distribution. That means having the ability to keep the root key
>> absolutely secure and perform adequate validation of people asking for
>> signing. That's expensive. Like millions of dollars expensive. It would
>> also take a lot of time to set up, and that's not really time we had.
>> And, finally, nobody was jumping at the opportunity to volunteer. So no
>> generic Linux key."
>> Hardly "we don't want to share", more "we can't afford to"
> In this para, he isn't discussing a Fedora 99-dollar-key purchased
> from Verisign, but a cross-distribution Linux key infrastructure
> similar to the one that Microsoft's developed/developing.

Two keys?
I read it as *one* key bought (from Verison) for $99 through the MS
sysdev portal that will be used to sign the first stage boot loader for
use on hardware "certified" to support Windoof 7?

Kind regards

Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding
answers to questions about Debian:-

Reply to: