1 |
On 06/20/2012 04:08 PM, Greg KH wrote: |
2 |
> On Tue, Jun 19, 2012 at 06:11:46PM -0400, Richard Yao wrote: |
3 |
>> I know that there is a great deal of discussion on the effect that |
4 |
>> UEFI Secure Boot will have on us. As far as I know, Secure Boot is |
5 |
>> implemented in the UEFI firmware and if we replace the firmware, |
6 |
>> Secure Boot issues disappear. |
7 |
> |
8 |
> Stop right there. That's just not going to happen, sorry. You aren't |
9 |
> going to be able to get a user to replace their BIOS, nor should you |
10 |
> ever want to. You are not going to be able to keep up with the |
11 |
> hundreds, if not thousands, of different motherboards being introduced |
12 |
> every month, in order to just get rid of the secure boot option. |
13 |
|
14 |
OpenWRT does that with routers and Cyanogenmod does that with phones. It |
15 |
seems reason for us to offer it as an option to users. With that said, |
16 |
this probably won't happen. One of the Core Boot developers informed me |
17 |
of what is involved in setting up the address space and it is infeasible |
18 |
for us to do. |
19 |
|
20 |
> And I want secure boot on my machines, with a key I trust, don't you? |
21 |
> If not, why not? I know lots of others that also want this, why deny |
22 |
> them the ability to run Gentoo on their hardware? |
23 |
|
24 |
To be clear, I was not talking about taking away options from users. I |
25 |
was talking about giving them options. |