| 1 |
On 06/19/2012 09:25 PM, Rich Freeman wrote: |
| 2 |
>> In theory, the kernel could be modified to only execute signed binaries |
| 3 |
>> and portage could be modified to produce signed binaries. The user could |
| 4 |
>> build a system that required everything to be signed with the private |
| 5 |
>> key of his choice. A hardened system that required signed binaries would |
| 6 |
>> be even more secure than a typical system using Secure Boot where only |
| 7 |
>> the bootloader, kernel and kernel modules are signed. The user would be |
| 8 |
>> in full control of his hardware. The user would not need to pay for this |
| 9 |
>> and the system would also boot faster. |
| 10 |
> |
| 11 |
> You can do all of this with the UEFI firmware that will come with your |
| 12 |
> computer already. Why replace it? |
| 13 |
|
| 14 |
We would gain a faster boot process. We would also enable people to |
| 15 |
avoid paying money for keys that can be revoked without a refund. |
| 16 |
|
| 17 |
I would rather people make donations to the Gentoo Foundation |
| 18 |
voluntarily than to Verisign out of necessity, but that is just me. |
Archives