List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On 06/15/2012 06:57 AM, Chí-Thanh Christopher Nguyễn wrote:
> Greg KH schrieb:
>> So, anyone been thinking about this? I have, and it's not pretty.
>> Should I worry about this and how it affects Gentoo, or not worry about
>> Gentoo right now and just focus on the other issues?
>> Minor details like, "do we have a 'company' that can pay Microsoft to
>> sign our bootloader?" is one aspect from the non-technical side that I've
>> been wondering about.
> For the current crop of hardware, it is probably sufficient to add a
> paragraph to the handbook which tells the user to disable secure boot.
> Getting users' self-compiled boot loaders signed with a Gentoo key is
> probably infeasible.
> If you have influence on UEFI secure boot spec, you could suggest that
> they mandate a UI which lists all boot images known to the EFI boot
> manager, and the user can easily whitelist both individual loaders and
> the keys used to sign them.
That would be a good compromise.