Re: Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
Thibault Nélis writes:
On 06/02/2012 04:34 AM, Sam Varshavchik wrote:Well the math doesn't compute here, it's cryptographically impossible. I mean you could sign a shim that won't verify the integrity of the bootThere you go.Look I can't really go on on that. You seem to imply that this is a bad thing. I simply say that it doesn't make sense to want this in the first place. I don't know what to say.
But I thought that this was the plan of action, isn't it? Sign a shim that boots Fedora. Presto, secured boot, with Microsoft's blessing.
So, did you just change your mind, and realize that: 1) It makes no sense, and2) Microsoft is not going to sign a shim that will boot an arbitrary Linux kernel, which can be trivially used to bypass the protection that a secured boot offers to their non-free OS?
Actually, it makes perfect sense. This is analogous to client certificate verification with TLS.mean it's not even a real catch-22, you won't ever boot the kernel before the firmware, so this is a non-issue.You need to put yourself into Microsoft's frame of mind. They're going in the direction of OEMs locking down their firmware to booting only Microsoft OSes. Now, the other shoe drops. In turn, some future Microsoft OS release will only boot on firmware that's signed by Microsoft's key. If it's not, the OS will refuse to boot, displaying a soothing message to the user that their hardware is incompatible. To make it compatible, OEMs will have to pay the same $99 fee for Microsoft to sign their firmware. Now you get it?Yes, you're right, it does make sense. That would be considered blackmail
Somehow, I don't think they'd care how it's called, on this mailing list.
though, at least if these OEMs don't have the option to abandon Microsoft to sell their products to competitors. Could they even get away with it?
Who would stop them?
Anyway, this would only affect OEMs and Windows users who want to install their copy of Windows on machines they assemble themselves (or in any way non-approved by Microsoft).
Which includes install into a virtual machine that did not pay the Microsoft tax. That would include KVM.
Do we really care about them?
Well, in the same way you'd care about someone sitting on the side of the road, all bloodied up, next to flaming, smoking wreck. You don't know them. They're of no personal interest to you. Still, as a human being, you would care somewhat. Maybe just a little. That's one of the things that makes you human.
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
[Older Fedora Users] [Fedora Announce] [Fedora Package Announce] [EPEL Announce] [Fedora News] [Fedora Cloud] [Fedora Advisory Board] [Fedora Education] [Fedora Security] [Fedora Scitech] [Fedora Robotics] [Fedora Maintainers] [Fedora Infrastructure] [Fedora Websites] [Anaconda Devel] [Fedora Devel Java] [Fedora Legacy] [Fedora Desktop] [Fedora Fonts] [ATA RAID] [Fedora Marketing] [Fedora Management Tools] [Fedora Mentors] [SSH] [Find Someone Special] [Fedora Package Review] [Fedora R Devel] [Fedora PHP Devel] [Kickstart] [Fedora Music] [Fedora Packaging] [Centos] [Fedora SELinux] [Fedora Legal] [Fedora Kernel] [Fedora QA] [Fedora Triage] [Fedora OCaml] [Coolkey] [Virtualization Tools] [ET Management Tools] [Yum Users] [Tux] [Yosemite News] [Yosemite Photos] [Linux Apps] [Maemo Users] [Gnome Users] [KDE Users] [Fedora Tools] [Fedora Art] [Fedora Docs] [Maemo Users] [Asterisk PBX] [Fedora Sparc] [Fedora Universal Network Connector] [Libvirt Users] [Fedora ARM]