Gentoo Archives: gentoo-dev

From: Eray Aslan <eras@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 05:50:02
Message-Id: 4FDACCBB.1060206@gentoo.org
In Reply to: Re: [gentoo-dev] UEFI secure boot and Gentoo by Greg KH
On 2012-06-15 7:56 AM, Greg KH wrote:
> Distributing a first-stage bootloader blob, that is signed by Microsoft, > or someone, seems to be the only way to easily handle this.
Fedora agrees: http://mjg59.dreamwidth.org/12368.html Other distros haven't decided yet afaik although there have been some discussions.
> Also, some people might really want to sign their own bootloader and > kernel, and kernel modules (myself included)
Yes, that is the goal we should try to achieve, i.e. to give the option to our users to sign all the way to userland.
> Oh, and on the first-stage bootloader front, I already know of 2 simple, > and open source, examples that will work for Linux, so getting something > like that signed might not be very tough. It's the "where does the > chain-of-trust stop" question that gets tricky...
Exactly. Do you have any concrete proposals? -- Eray Aslan <eras@g.o>

Attachments

File name MIME type
signature.asc application/pgp-signature