List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: Ben de Groot <yngwin@g.o>
Subject: Re: UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 18:50:25 +0800
On 15 June 2012 15:58, Richard Farina <sidhayn@...> wrote:
> On 06/15/2012 03:12 AM, Ben de Groot wrote:
>> On 15 June 2012 13:24, Arun Raghavan <ford_prefect@g.o> wrote:
>>> On 15 June 2012 10:33, Ben de Groot <yngwin@g.o> wrote:
>>>> On 15 June 2012 12:45, Arun Raghavan <ford_prefect@g.o> wrote:
>>>>> On 15 June 2012 09:58, Greg KH <gregkh@g.o> wrote:
>>>>>> So, anyone been thinking about this?  I have, and it's not pretty.
>>>>>>
>>>>>> Minor details like, "do we have a 'company' that can pay Microsoft to
>>>>>> sign our bootloader?" is one aspect from the non-technical side that I've
>>>>>> been wondering about.
>>>>>
>>>>> Sounds like something the Gentoo Foundation could do.
>>>>
>>>> I'm certainly not the only one who would be averse to paying Microsoft
>>>> any ransom money.
>>>
>>> And our refusal to pay for the signing affects precisely nobody except
>>> for our users, who will have to jump through an extra hoop to make
>>> their system work.
>>>
>>> On the flip side, having a simple way to use this infrastructure means
>>> that people who care about security can get a chain of trust from the
>>> firmware to the kernel (heck, maybe even userspace one day). This is
>>> something that is worth having as well.
>>
>> I agree that security is a worthwhile goal. I just don't trust Microsoft.
>>
> It's more of a "pay us or your system can't boot" that I'm opposed to.

That's why I called it ransom money. I'm very opposed to that too.

But if we're talking about security and a chain of trust, then Microsoft
has no place in that either.

> Saying "I just don't trust Microsoft" is second to "I just don't trust
> corporations that extort money from me just so I can boot".  I don't
> care who we are paying, I'm offended by the idea.  If users can't build
> their own fully functional boot loader that's an issue.
>
> I'm all for the signed "work-around signatures" idea as it is the least
> objectionable... if such a thing is even possible.
>
> -Zero
>



-- 
Cheers,

Ben | yngwin
Gentoo developer
Gentoo Qt project lead




Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Copyright 2001-2013 Gentoo Foundation, Inc.