| 1 |
On 2012-06-15 7:56 AM, Greg KH wrote: |
| 2 |
> Distributing a first-stage bootloader blob, that is signed by Microsoft, |
| 3 |
> or someone, seems to be the only way to easily handle this. |
| 4 |
|
| 5 |
Fedora agrees: |
| 6 |
http://mjg59.dreamwidth.org/12368.html |
| 7 |
|
| 8 |
Other distros haven't decided yet afaik although there have been some |
| 9 |
discussions. |
| 10 |
|
| 11 |
> Also, some people might really want to sign their own bootloader and |
| 12 |
> kernel, and kernel modules (myself included) |
| 13 |
|
| 14 |
Yes, that is the goal we should try to achieve, i.e. to give the option |
| 15 |
to our users to sign all the way to userland. |
| 16 |
|
| 17 |
> Oh, and on the first-stage bootloader front, I already know of 2 simple, |
| 18 |
> and open source, examples that will work for Linux, so getting something |
| 19 |
> like that signed might not be very tough. It's the "where does the |
| 20 |
> chain-of-trust stop" question that gets tricky... |
| 21 |
|
| 22 |
Exactly. Do you have any concrete proposals? |
| 23 |
|
| 24 |
-- |
| 25 |
Eray Aslan <eras@g.o> |
Archives