[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: the ghost of UEFI and Micr0$0ft



On Wed, Jun 06, 2012 at 09:56:07PM +1000, Scott Ferguson wrote:
> the only things stopping Debian from getting a key is that not many
> manufacturers would use it

They wouldn't have to: they have to trust anything signed with a private
key that MS/Versign hold, so if Debian paid the 99$ and got a bootloader
signed, it would be trusted. The manufacturers would not need to do any
extra work.

> and it'd require resources to manage and maintain, something better suited to
> a commercial enterprise.

That's the big deal. Fedora seem to believe they can manage maintaining closed
and signed bootloaders, kernel and kernel modules.  That would be very difficult
to achieve in Debian.

A more interesting approach might be to maintained a locked-down install image
chain which offered, as a very early installer option, to disable the secure
boot BIOS setting on your behalf.  From then onwards you could run whatever you
like.  Whether or not that will be generally possible, I don't know.


Reply to: