Re: the ghost of UEFI and Micr0$0ft
On Thu, Jun 7, 2012 at 1:46 AM, Miles Bader <email@example.com> wrote:
> Scott Ferguson <firstname.lastname@example.org> writes:
>>>> You can't disable the code signing requirement on ARM.
>>> ... which is a great deal more worrying.
>> Yes. And no.
>> I'd hate to see a situation where it was impossible to buy an ARM (or
>> other CPU based board) without UEFI that can be disabled - but I support
>> devices that can be made to *only* run signed code *provided* MS is
>> *not* the certificate agency.
> Would that mean anybody who wants to build their own kernel would need
> to buy a signing key?
Not at all. You can generate your own key and load it into your UEFI.
It's no different a situation than using self-signed ssl certs
without buying one from a certificate authority. There's no need to
pay any money to anyone to use the secure boot feature. Is it a
hassle? Sure, but you're not beholden to any 3rd party regardless.