List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: Greg KH <gregkh@g.o>
Subject: Re: UEFI secure boot and Gentoo
Date: Thu, 14 Jun 2012 21:56:04 -0700

On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> On 15 June 2012 09:58, Greg KH <gregkh@g.o> wrote:
> > So, anyone been thinking about this?  I have, and it's not pretty.
> >
> > Should I worry about this and how it affects Gentoo, or not worry about
> > Gentoo right now and just focus on the other issues?
> 
> I think it at least makes sense to talk about it, and work out what we
> can and cannot do.
> 
> I guess we're in an especially bad position since everybody builds
> their own bootloader. Is there /any/ viable solution that allows
> people to continue doing this short of distributing a first-stage
> bootloader blob?

Distributing a first-stage bootloader blob, that is signed by Microsoft,
or someone, seems to be the only way to easily handle this.

Although all BIOSes will have the option to turn secure boot off, I
think it is something that we might not want to require for Gentoo to
work properly on those machines.

Also, some people might really want to sign their own bootloader and
kernel, and kernel modules (myself included), so just getting that basic
infrastructure in place is going to take some work, no matter who ends
up signing the first-stage bootloader blob.

Oh, and on the first-stage bootloader front, I already know of 2 simple,
and open source, examples that will work for Linux, so getting something
like that signed might not be very tough.  It's the "where does the
chain-of-trust stop" question that gets tricky...

> > Minor details like, "do we have a 'company' that can pay Microsoft to
> > sign our bootloader?" is one aspect from the non-technical side that I've
> > been wondering about.
> 
> Sounds like something the Gentoo Foundation could do.

Can they do that?  I haven't been paying attention to if we are really a
legal entity still or not, sorry.

greg k-h




Updated Jun 23, 2012

Summary: Archive of the gentoo-dev mailing list.
