Gentoo Archives: gentoo-dev

From: Florian Philipp <lists@×××××××××××.net>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Sat, 16 Jun 2012 08:35:20
In Reply to: Re: [gentoo-dev] UEFI secure boot and Gentoo by Greg KH
Am 16.06.2012 01:59, schrieb Greg KH:
> On Fri, Jun 15, 2012 at 09:49:01AM +0200, Florian Philipp wrote: >> Am 15.06.2012 09:26, schrieb Michał Górny: >>> On Thu, 14 Jun 2012 21:56:04 -0700 Greg KH <gregkh@g.o> wrote: >>>> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote: >>>>> On 15 June 2012 09:58, Greg KH <gregkh@g.o> wrote: >>>>>> So, anyone been thinking about this? I have, and it's not pretty. >>>>>> >>>>>> Should I worry about this and how it affects Gentoo, or not worry >>>>>> about Gentoo right now and just focus on the other issues? >>>>> >>>>> I think it at least makes sense to talk about it, and work out what >>>>> we can and cannot do. >>>>> >>>>> I guess we're in an especially bad position since everybody builds >>>>> their own bootloader. Is there /any/ viable solution that allows >>>>> people to continue doing this short of distributing a first-stage >>>>> bootloader blob? >>>> >>>> Distributing a first-stage bootloader blob, that is signed by >>>> Microsoft, or someone, seems to be the only way to easily handle this. >>> >>> Maybe we could get one such a blob for all distros/systems? >>> >> >> I guess nothing prevents you from re-distributing Fedora's blob. > > Fedora's blob will not boot your unsigned-with-fedoras-key kernel, so > redistributing it will not help anyone :( >
I meant along with Fedora's kernel, signed binary modules and so forth. The whole kernel space.


File name MIME type
signature.asc application/pgp-signature