On Thu, 14 Jun 2012 21:56:04 -0700
Greg KH <email@example.com> wrote:
> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> > On 15 June 2012 09:58, Greg KH <firstname.lastname@example.org> wrote:
> > > So, anyone been thinking about this? I have, and it's not pretty.
> > >
> > > Should I worry about this and how it affects Gentoo, or not worry
> > > about Gentoo right now and just focus on the other issues?
> > I think it at least makes sense to talk about it, and work out what
> > we can and cannot do.
> > I guess we're in an especially bad position since everybody builds
> > their own bootloader. Is there /any/ viable solution that allows
> > people to continue doing this short of distributing a first-stage
> > bootloader blob?
> Distributing a first-stage bootloader blob, that is signed by
> Microsoft, or someone, seems to be the only way to easily handle this.
Maybe we could get one such a blob for all distros/systems?
Also, does this signature system have any restrictions on what is
signed and what is not? In other words, will they actually sign a blob
saying 'work-around signatures' on the top?