Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Richard Yao <ryao@g.o>
Subject: Re: Killing UEFI Secure Boot
Date: Tue, 19 Jun 2012 21:33:15 -0400
On 06/19/2012 09:25 PM, Rich Freeman wrote:
>> In theory, the kernel could be modified to only execute signed binaries
>> and portage could be modified to produce signed binaries. The user could
>> build a system that required everything to be signed with the private
>> key of his choice. A hardened system that required signed binaries would
>> be even more secure than a typical system using Secure Boot where only
>> the bootloader, kernel and kernel modules are signed. The user would be
>> in full control of his hardware. The user would not need to pay for this
>> and the system would also boot faster.
> 
> You can do all of this with the UEFI firmware that will come with your
> computer already.  Why replace it?

We would gain a faster boot process. We would also enable people to
avoid paying money for keys that can be revoked without a refund.

I would rather people make donations to the Gentoo Foundation
voluntarily than to Verisign out of necessity, but that is just me.


Replies:
Re: Killing UEFI Secure Boot
-- Rich Freeman
References:
Re: Killing UEFI Secure Boot
-- Rich Freeman
Re: Killing UEFI Secure Boot
-- Richard Yao
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Killing UEFI Secure Boot
Next by thread:
Re: Killing UEFI Secure Boot
Previous by date:
Re: Killing UEFI Secure Boot
Next by date:
Re: Killing UEFI Secure Boot


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.