On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> On 15 June 2012 09:58, Greg KH <gregkh@g.o> wrote:
> > So, anyone been thinking about this? I have, and it's not pretty.
> >
> > Should I worry about this and how it affects Gentoo, or not worry about
> > Gentoo right now and just focus on the other issues?
>
> I think it at least makes sense to talk about it, and work out what we
> can and cannot do.
>
> I guess we're in an especially bad position since everybody builds
> their own bootloader. Is there /any/ viable solution that allows
> people to continue doing this short of distributing a first-stage
> bootloader blob?
|
Distributing a first-stage bootloader blob, that is signed by Microsoft,
or someone, seems to be the only way to easily handle this.
|
Although all BIOSes will have the option to turn secure boot off, I
think it is something that we might not want to require for Gentoo to
work properly on those machines.
|
Also, some people might really want to sign their own bootloader and
kernel, and kernel modules (myself included), so just getting that basic
infrastructure in place is going to take some work, no matter who ends
up signing the first-stage bootloader blob.
|
Oh, and on the first-stage bootloader front, I already know of 2 simple,
and open source, examples that will work for Linux, so getting something
like that signed might not be very tough. It's the "where does the
chain-of-trust stop" question that gets tricky...
|
> > Minor details like, "do we have a 'company' that can pay Microsoft to
> > sign our bootloader?" is one aspect from the non-technical side that I've
> > been wondering about.
>
> Sounds like something the Gentoo Foundation could do.
|
Can they do that? I haven't been paying attention to if we are really a
legal entity still or not, sorry.
|
greg k-h