| 1 |
On 06/15/2012 12:14 PM, Rich Freeman wrote: |
| 2 |
> 5. If somebody (perhaps under the umbrella of hardened) wanted to |
| 3 |
> create a Gentoo project around a fully trusted Gentoo I'd be |
| 4 |
> completely supportive of that. It would take work. In the spirit of |
| 5 |
> Gentoo we should allow anybody to build their own signed with their |
| 6 |
> own key, and perhaps we might have an official Gentoo-certified one |
| 7 |
> that we would sign and the Foundation would obtain the necessary UEFI |
| 8 |
> keys. However, that should be viewed as more of a service, and not a |
| 9 |
> core offering - Gentoo will never depend on a piece of non-free |
| 10 |
> software or metadata (and I'd probably lump a signing key into that |
| 11 |
> category). The same tools (minus the private keys) used to generate |
| 12 |
> any secure offering made by Gentoo should be available for users to |
| 13 |
> use and sign their own systems. |
| 14 |
|
| 15 |
If we want to try to get serious on 5, we could try to gather the |
| 16 |
hardened/security people across distributions and setup the whole chain |
| 17 |
to be parallel and cut deals with OEM to store this trust-chain keys |
| 18 |
along with MS. |
| 19 |
|
| 20 |
lu |
| 21 |
|
| 22 |
|
| 23 |
-- |
| 24 |
|
| 25 |
Luca Barbato |
| 26 |
Gentoo/linux |
| 27 |
http://dev.gentoo.org/~lu_zero |
Archives