1 |
On 2012-06-15 7:56 AM, Greg KH wrote: |
2 |
> Distributing a first-stage bootloader blob, that is signed by Microsoft, |
3 |
> or someone, seems to be the only way to easily handle this. |
4 |
|
5 |
Fedora agrees: |
6 |
http://mjg59.dreamwidth.org/12368.html |
7 |
|
8 |
Other distros haven't decided yet afaik although there have been some |
9 |
discussions. |
10 |
|
11 |
> Also, some people might really want to sign their own bootloader and |
12 |
> kernel, and kernel modules (myself included) |
13 |
|
14 |
Yes, that is the goal we should try to achieve, i.e. to give the option |
15 |
to our users to sign all the way to userland. |
16 |
|
17 |
> Oh, and on the first-stage bootloader front, I already know of 2 simple, |
18 |
> and open source, examples that will work for Linux, so getting something |
19 |
> like that signed might not be very tough. It's the "where does the |
20 |
> chain-of-trust stop" question that gets tricky... |
21 |
|
22 |
Exactly. Do you have any concrete proposals? |
23 |
|
24 |
-- |
25 |
Eray Aslan <eras@g.o> |