Gentoo Archives: gentoo-dev

From: gregkh@g.o
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Sat, 16 Jun 2012 00:05:58
Message-Id: 20120616000340.GH9885@kroah.com
In Reply to: Re: [gentoo-dev] UEFI secure boot and Gentoo by "Michał Górny"
On Fri, Jun 15, 2012 at 09:26:07AM +0200, Michał Górny wrote:
> On Thu, 14 Jun 2012 21:56:04 -0700
> Greg KH <gregkh@g.o> wrote:
>
> > On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> > > On 15 June 2012 09:58, Greg KH <gregkh@g.o> wrote:
> > > > So, anyone been thinking about this?  I have, and it's not pretty.
> > > >
> > > > Should I worry about this and how it affects Gentoo, or not worry
> > > > about Gentoo right now and just focus on the other issues?
> > >
> > > I think it at least makes sense to talk about it, and work out what
> > > we can and cannot do.
> > >
> > > I guess we're in an especially bad position since everybody builds
> > > their own bootloader. Is there /any/ viable solution that allows
> > > people to continue doing this short of distributing a first-stage
> > > bootloader blob?
> >
> > Distributing a first-stage bootloader blob, that is signed by
> > Microsoft, or someone, seems to be the only way to easily handle this.
>
> Maybe we could get one such a blob for all distros/systems?
>
> Also, does this signature system have any restrictions on what is
> signed and what is not? In other words, will they actually sign a blob
> saying 'work-around signatures' on the top?

It is uncertain at the moment what the requirements are, I'm trying to
nail this down.

But, in order to protect all other companies, I imagine they are going
to be pretty restrictive, otherwise it really makes no sense at all to
have this in the first place.

greg k-h