Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Eray Aslan <eras@g.o>
Subject: Re: UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 08:48:43 +0300
On 2012-06-15 7:56 AM, Greg KH wrote:
> Distributing a first-stage bootloader blob, that is signed by Microsoft,
> or someone, seems to be the only way to easily handle this.

Fedora agrees:
http://mjg59.dreamwidth.org/12368.html

Other distros haven't decided yet afaik although there have been some
discussions.

> Also, some people might really want to sign their own bootloader and
> kernel, and kernel modules (myself included)

Yes, that is the goal we should try to achieve, i.e. to give the option
to our users to sign all the way to userland.

> Oh, and on the first-stage bootloader front, I already know of 2 simple,
> and open source, examples that will work for Linux, so getting something
> like that signed might not be very tough.  It's the "where does the
> chain-of-trust stop" question that gets tricky...

Exactly.  Do you have any concrete proposals?

-- 
Eray Aslan <eras@g.o>

Attachment:
signature.asc (OpenPGP digital signature)
References:
UEFI secure boot and Gentoo
-- Greg KH
Re: UEFI secure boot and Gentoo
-- Arun Raghavan
Re: UEFI secure boot and Gentoo
-- Greg KH
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: UEFI secure boot and Gentoo
Next by thread:
Re: UEFI secure boot and Gentoo
Previous by date:
Re: UEFI secure boot and Gentoo
Next by date:
Re: New global USE flag "ps"


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.