[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: the ghost of UEFI and Micr0$0ft

On Thu, Jun 7, 2012 at 1:46 AM, Miles Bader <miles@gnu.org> wrote:
> Scott Ferguson <scott.ferguson.debian.user@gmail.com> writes:
>>>> You can't disable the code signing requirement on ARM.
>>> ... which is a great deal more worrying.
>> Yes. And no.
>> I'd hate to see a situation where it was impossible to buy an ARM (or
>> other CPU based board) without UEFI that can be disabled - but I support
>> devices that can be made to *only* run signed code *provided* MS is
>> *not* the certificate agency.
> Would that mean anybody who wants to build their own kernel would need
> to buy a signing key?

Not at all.  You can generate your own key and load it into your UEFI.
 It's no different a situation than using self-signed ssl certs
without buying one from a certificate authority.  There's no need to
pay any money to anyone to use the secure boot feature.  Is it a
hassle?  Sure, but you're not beholden to any 3rd party regardless.


Reply to: