Gentoo Archives: gentoo-genkernel

From: Richard Yao <ryao@g.o>
To: gentoo-dev@l.g.o
Cc: Greg KH <gregkh@g.o>, gentoo-genkernel@l.g.o, Sabayon public development mailing list <devel@×××××××××××××.org>, funtoo-dev@××××××××××××.com
Subject: [gentoo-genkernel] Re: [gentoo-dev] Killing UEFI Secure Boot
Date: Wed, 20 Jun 2012 20:15:29
Message-Id: 4FE22EFA.7040304@gentoo.org
On 06/20/2012 04:08 PM, Greg KH wrote:
> On Tue, Jun 19, 2012 at 06:11:46PM -0400, Richard Yao wrote: >> I know that there is a great deal of discussion on the effect that >> UEFI Secure Boot will have on us. As far as I know, Secure Boot is >> implemented in the UEFI firmware and if we replace the firmware, >> Secure Boot issues disappear. > > Stop right there. That's just not going to happen, sorry. You aren't > going to be able to get a user to replace their BIOS, nor should you > ever want to. You are not going to be able to keep up with the > hundreds, if not thousands, of different motherboards being introduced > every month, in order to just get rid of the secure boot option.
OpenWRT does that with routers and Cyanogenmod does that with phones. It seems reason for us to offer it as an option to users. With that said, this probably won't happen. One of the Core Boot developers informed me of what is involved in setting up the address space and it is infeasible for us to do.
> And I want secure boot on my machines, with a key I trust, don't you? > If not, why not? I know lots of others that also want this, why deny > them the ability to run Gentoo on their hardware?
To be clear, I was not talking about taking away options from users. I was talking about giving them options.