On 06/15/2012 06:57 AM, Chí-Thanh Christopher Nguyễn wrote:
> Greg KH wrote:
>> So, anyone been thinking about this? I have, and it's not pretty.
>>
>> Should I worry about this and how it affects Gentoo, or not worry about
>> Gentoo right now and just focus on the other issues?
>>
>> Minor details like, "do we have a 'company' that can pay Microsoft to
>> sign our bootloader?" is one aspect from the non-technical side that I've
>> been wondering about.
>
> For the current crop of hardware, it is probably sufficient to add a
> paragraph to the handbook which tells the user to disable secure boot.
>
> Getting users' self-compiled boot loaders signed with a Gentoo key is
> probably infeasible.
>
> If you have influence on UEFI secure boot spec, you could suggest that
> they mandate a UI which lists all boot images known to the EFI boot
> manager, and the user can easily whitelist both individual loaders and
> the keys used to sign them.
>

That would be a good compromise.

--

Luca Barbato
Gentoo/linux
http://dev.gentoo.org/~lu_zero