On Fri, Jun 15, 2012 at 09:26:07AM +0200, Michał Górny wrote:
> On Thu, 14 Jun 2012 21:56:04 -0700
> Greg KH <firstname.lastname@example.org> wrote:
> > On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> > > On 15 June 2012 09:58, Greg KH <email@example.com> wrote:
> > > > So, anyone been thinking about this? I have, and it's not pretty.
> > > >
> > > > Should I worry about this and how it affects Gentoo, or not worry
> > > > about Gentoo right now and just focus on the other issues?
> > >
> > > I think it at least makes sense to talk about it, and work out what
> > > we can and cannot do.
> > >
> > > I guess we're in an especially bad position since everybody builds
> > > their own bootloader. Is there /any/ viable solution that allows
> > > people to continue doing this short of distributing a first-stage
> > > bootloader blob?
> > Distributing a first-stage bootloader blob, that is signed by
> > Microsoft, or someone, seems to be the only way to easily handle this.
> Maybe we could get one such blob for all distros/systems?
> Also, does this signature system have any restrictions on what is
> signed and what is not? In other words, will they actually sign a blob
> saying 'work-around signatures' on the top?
It is uncertain at the moment what the requirements are, I'm trying to
nail this down. But, in order to protect all other companies, I imagine
they are going to be pretty restrictive, otherwise it really makes no
sense at all to have this in the first place.