Re: Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
On 06/02/2012 04:34 AM, Sam Varshavchik wrote:
Well the math doesn't compute here, it's cryptographically impossible. I mean you could sign a shim that won't verify the integrity of the bootThere you go.
Look I can't really go on on that. You seem to imply that this is a bad thing. I simply say that it doesn't make sense to want this in the first place. I don't know what to say.
loader, but you would gain absolutely nothing from secure boot then, it makes as much as disabling it entirely.Let's rewind it back up a bit. The presumed purpose of a secure boot is to prevent bootloader-infecting malware. Once that out of the way, you're done with your secure boot. Proceed as usual.
Not really, since you established yourself that a kernel can act as a boot loader in a lot of ways. Leaving the ability to infect the kernel or any software able to boot another OS is the same as leaving secure boot disabled, so simply disable it.
Actually, it makes perfect sense. This is analogous to client certificate verification with TLS.mean it's not even a real catch-22, you won't ever boot the kernel before the firmware, so this is a non-issue.You need to put yourself into Microsoft's frame of mind. They're going in the direction of OEMs locking down their firmware to booting only Microsoft OSes. Now, the other shoe drops. In turn, some future Microsoft OS release will only boot on firmware that's signed by Microsoft's key. If it's not, the OS will refuse to boot, displaying a soothing message to the user that their hardware is incompatible. To make it compatible, OEMs will have to pay the same $99 fee for Microsoft to sign their firmware. Now you get it?
Yes, you're right, it does make sense. That would be considered blackmail though, at least if these OEMs don't have the option to abandon Microsoft to sell their products to competitors. Could they even get away with it?
Anyway, this would only affect OEMs and Windows users who want to install their copy of Windows on machines they assemble themselves (or in any way non-approved by Microsoft). Do we really care about them? I don't mean it in a bad way, but we've got enough to worry about already, that's an issue the FSF and the EFF might be interested in, not Fedora users. (If I did mean it in a bad way, I'd say these people could potentially become happy new Linux users :).)
Who said anything about selling? In the next sentence, my reference to copyright infringement was not a throwaway line. In order to boot a future Microsoft OS release, in a future version of libvirt, you will need a signed firmware image, swiped from an OEM who paid the Microsoft tax, order for the Microsoft OS to boot in your VM. VMWare will have no issues paying a fee to Microsoft, for their VM firmware signed, of course.
Oh, you're right, add the hypervisor developers to the previous list of affected people; I admit I didn't think of the VM side of things.
Actually it would even be the responsibility of the distributors to sign the hypervisors in this world. These we should certainly care about, I agree.
It's just that I see this a mile away. It's as clear a day. I have no particular passion towards Microsoft. I just want them to leave me the hell alone, that's all.
I know what you mean. Well, I learned a lot. -- t -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
[Older Fedora Users] [Fedora Announce] [Fedora Package Announce] [EPEL Announce] [Fedora News] [Fedora Cloud] [Fedora Advisory Board] [Fedora Education] [Fedora Security] [Fedora Scitech] [Fedora Robotics] [Fedora Maintainers] [Fedora Infrastructure] [Fedora Websites] [Anaconda Devel] [Fedora Devel Java] [Fedora Legacy] [Fedora Desktop] [Fedora Fonts] [ATA RAID] [Fedora Marketing] [Fedora Management Tools] [Fedora Mentors] [SSH] [Find Someone Special] [Fedora Package Review] [Fedora R Devel] [Fedora PHP Devel] [Kickstart] [Fedora Music] [Fedora Packaging] [Centos] [Fedora SELinux] [Fedora Legal] [Fedora Kernel] [Fedora QA] [Fedora Triage] [Fedora OCaml] [Coolkey] [Virtualization Tools] [ET Management Tools] [Yum Users] [Tux] [Yosemite News] [Yosemite Photos] [Linux Apps] [Maemo Users] [Gnome Users] [KDE Users] [Fedora Tools] [Fedora Art] [Fedora Docs] [Maemo Users] [Asterisk PBX] [Fedora Sparc] [Fedora Universal Network Connector] [Libvirt Users] [Fedora ARM]