Re: Need more info: UEFI Secure Boot in Fedora |
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Need more info: UEFI Secure Boot in Fedora
- From: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
- Date: Thu, 31 May 2012 13:56:11 +0100
- Cc: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
- Delivered-to: users@xxxxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <BLU0-SMTP180723B1BDE381521791108FE0B0@phx.gbl>
- Reply-to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
> Thanks for the reply and clearing the confusion.
> and to make sure future boards i buy lets users disable secure boot.
By far the best idea. As a kernel rights holder I question the legality
of Matthew's proposal, and it would be amusingly unfortunate if the
Software Conservancy ended up beginning some of its Linux enforcement
against Fedora.
The other source of machines is of course going to be Google chromebooks
and the like. They don't have a windows tax on them in the first place
and have a developer switch.
In fact in many ways the chromebooks and the like work the way it appears
the secure boot stuff will ultimately work. If supplied as a system you
would need to perform a specific incantation that demonstrates you are
physically present and intend to unlock the device.
That part of things is actually quite sensible - it means you can give a
box to a random end user who doesn't want to do anything clever with it
and the lock is a value, but the unlock can be done.
What is much more evil is that the EFI scheme is engineered so that
- the mechanism for unlocking is not defined but will vary by device
- the process of getting keys into BIOSes is sufficiently fragmented and
convoluted that in effect Microsoft own the keys. This stops you
locking the device down with your own key.
There is some hope the BIOS vendors will at least get their act together
a bit on the former, if only to avoid the support calls and board returns
killing them. With the wafer thin margins they have they simply cannot
afford to have customers returning systems due to poor documentation.
Alan
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Older Fedora Users]
[Fedora Announce]
[Fedora Package Announce]
[EPEL Announce]
[Fedora News]
[Fedora Cloud]
[Fedora Advisory Board]
[Fedora Education]
[Fedora Security]
[Fedora Scitech]
[Fedora Robotics]
[Fedora Maintainers]
[Fedora Infrastructure]
[Fedora Websites]
[Anaconda Devel]
[Fedora Devel Java]
[Fedora Legacy]
[Fedora Desktop]
[Fedora Fonts]
[ATA RAID]
[Fedora Marketing]
[Fedora Management Tools]
[Fedora Mentors]
[SSH]
[Find Someone Special]
[Fedora Package Review]
[Fedora R Devel]
[Fedora PHP Devel]
[Kickstart]
[Fedora Music]
[Fedora Packaging]
[Centos]
[Fedora SELinux]
[Fedora Legal]
[Fedora Kernel]
[Fedora QA]
[Fedora Triage]
[Fedora OCaml]
[Coolkey]
[Virtualization Tools]
[ET Management Tools]
[Yum Users]
[Tux]
[Yosemite News]
[Yosemite Photos]
[Linux Apps]
[Maemo Users]
[Gnome Users]
[KDE Users]
[Fedora Tools]
[Fedora Art]
[Fedora Docs]
[Maemo Users]
[Asterisk PBX]
[Fedora Sparc]
[Fedora Universal Network Connector]
[Libvirt Users]
[Fedora ARM]
