Gentoo Archives: gentoo-dev

From: Greg KH <gregkh@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Sat, 16 Jun 2012 00:00:30
Message-Id: 20120615235906.GD9885@kroah.com
In Reply to: Re: [gentoo-dev] UEFI secure boot and Gentoo by Florian Philipp
On Fri, Jun 15, 2012 at 09:49:01AM +0200, Florian Philipp wrote:
> Am 15.06.2012 09:26, schrieb Michał Górny: > > On Thu, 14 Jun 2012 21:56:04 -0700 Greg KH <gregkh@g.o> wrote: > >> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote: > >>> On 15 June 2012 09:58, Greg KH <gregkh@g.o> wrote: > >>>> So, anyone been thinking about this? I have, and it's not pretty. > >>>> > >>>> Should I worry about this and how it affects Gentoo, or not worry > >>>> about Gentoo right now and just focus on the other issues? > >>> > >>> I think it at least makes sense to talk about it, and work out what > >>> we can and cannot do. > >>> > >>> I guess we're in an especially bad position since everybody builds > >>> their own bootloader. Is there /any/ viable solution that allows > >>> people to continue doing this short of distributing a first-stage > >>> bootloader blob? > >> > >> Distributing a first-stage bootloader blob, that is signed by > >> Microsoft, or someone, seems to be the only way to easily handle this. > > > > Maybe we could get one such a blob for all distros/systems? > > > > I guess nothing prevents you from re-distributing Fedora's blob.
Fedora's blob will not boot your unsigned-with-fedoras-key kernel, so redistributing it will not help anyone :( greg k-h

Replies

Subject Author
Re: [gentoo-dev] UEFI secure boot and Gentoo Florian Philipp <lists@×××××××××××.net>