1 |
On Wed, Jun 20, 2012 at 04:13:46PM -0400, Richard Yao wrote: |
2 |
> On 06/20/2012 04:08 PM, Greg KH wrote: |
3 |
> > On Tue, Jun 19, 2012 at 06:11:46PM -0400, Richard Yao wrote: |
4 |
> >> I know that there is a great deal of discussion on the effect that |
5 |
> >> UEFI Secure Boot will have on us. As far as I know, Secure Boot is |
6 |
> >> implemented in the UEFI firmware and if we replace the firmware, |
7 |
> >> Secure Boot issues disappear. |
8 |
> > |
9 |
> > Stop right there. That's just not going to happen, sorry. You aren't |
10 |
> > going to be able to get a user to replace their BIOS, nor should you |
11 |
> > ever want to. You are not going to be able to keep up with the |
12 |
> > hundreds, if not thousands, of different motherboards being introduced |
13 |
> > every month, in order to just get rid of the secure boot option. |
14 |
> |
15 |
> OpenWRT does that with routers and Cyanogenmod does that with phones. |
16 |
|
17 |
No, neither of them replaces the BIOS in their machines with an |
18 |
opensource version. There is no BIOS in those platforms, it's just |
19 |
uboot or fastboot, the PC-like ecosystem is so vastly different it's |
20 |
laughable. |
21 |
|
22 |
> It seems reason for us to offer it as an option to users. With that |
23 |
> said, this probably won't happen. One of the Core Boot developers |
24 |
> informed me of what is involved in setting up the address space and it |
25 |
> is infeasible for us to do. |
26 |
|
27 |
And I agree with that developer. |
28 |
|
29 |
Don't get "replace all of userspace and the kernel" confused with |
30 |
"replace the UEFI bios". You do realize that the UEFI bios is at least |
31 |
double the size of the Linux kernel, with custom device drivers and tons |
32 |
of other stuff in there? Good luck replacing that... |
33 |
|
34 |
> > And I want secure boot on my machines, with a key I trust, don't you? |
35 |
> > If not, why not? I know lots of others that also want this, why deny |
36 |
> > them the ability to run Gentoo on their hardware? |
37 |
> |
38 |
> To be clear, I was not talking about taking away options from users. I |
39 |
> was talking about giving them options. |
40 |
|
41 |
You are taking secure boot out of their systems, that sounds like taking |
42 |
away an option to me :) |
43 |
|
44 |
Anyway, it's all a moot point, as has been explained already, sorry. |
45 |
|
46 |
greg k-h |