Gentoo Archives: gentoo-dev

From: Luca Barbato <lu_zero@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 12:23:36
Message-Id: 4FDB28F5.8080303@gentoo.org
In Reply to: Re: [gentoo-dev] UEFI secure boot and Gentoo by Rich Freeman
On 06/15/2012 12:14 PM, Rich Freeman wrote:
> 5. If somebody (perhaps under the umbrella of hardened) wanted to > create a Gentoo project around a fully trusted Gentoo I'd be > completely supportive of that. It would take work. In the spirit of > Gentoo we should allow anybody to build their own signed with their > own key, and perhaps we might have an official Gentoo-certified one > that we would sign and the Foundation would obtain the necessary UEFI > keys. However, that should be viewed as more of a service, and not a > core offering - Gentoo will never depend on a piece of non-free > software or metadata (and I'd probably lump a signing key into that > category). The same tools (minus the private keys) used to generate > any secure offering made by Gentoo should be available for users to > use and sign their own systems.
If we want to try to get serious on 5, we could try to gather the hardened/security people across distributions and setup the whole chain to be parallel and cut deals with OEM to store this trust-chain keys along with MS. lu -- Luca Barbato Gentoo/linux http://dev.gentoo.org/~lu_zero

Replies

Subject Author
Re: [gentoo-dev] UEFI secure boot and Gentoo Rich Freeman <rich0@g.o>