Gentoo Archives: gentoo-dev

From: Greg KH <gregkh@g.o>
To: gentoo-dev@l.g.o
Cc: gentoo-genkernel@l.g.o, Sabayon public development mailing list <devel@×××××××××××××.org>, funtoo-dev@××××××××××××.com
Subject: Re: [gentoo-dev] Killing UEFI Secure Boot
Date: Wed, 20 Jun 2012 20:10:24
Message-Id: 20120620200858.GA3332@kroah.com
In Reply to: [gentoo-dev] Killing UEFI Secure Boot by Richard Yao
On Tue, Jun 19, 2012 at 06:11:46PM -0400, Richard Yao wrote:
> I know that there is a great deal of discussion on the effect that > UEFI Secure Boot will have on us. As far as I know, Secure Boot is > implemented in the UEFI firmware and if we replace the firmware, > Secure Boot issues disappear.
Stop right there. That's just not going to happen, sorry. You aren't going to be able to get a user to replace their BIOS, nor should you ever want to. You are not going to be able to keep up with the hundreds, if not thousands, of different motherboards being introduced every month, in order to just get rid of the secure boot option. You have a much better chance of just telling the user, "Disable the Secure Boot option in your BIOS". "No, that doesn't mean that Linux isn't secure." "Yes, I understand it looks that way." And the conversation degenerates from there. Sorry, not a valid solution. And I want secure boot on my machines, with a key I trust, don't you? If not, why not? I know lots of others that also want this, why deny them the ability to run Gentoo on their hardware? greg k-h

Replies

Subject Author
Re: [gentoo-dev] Killing UEFI Secure Boot Richard Yao <ryao@g.o>