Gentoo Archives: gentoo-dev

From: "Chí-Thanh Christopher Nguyễn" <chithanh@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 04:58:13
In Reply to: [gentoo-dev] UEFI secure boot and Gentoo by Greg KH
Greg KH wrote:
> So, anyone been thinking about this? I have, and it's not pretty.
>
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
>
> Minor details like, "do we have a 'company' that can pay Microsoft to
> sign our bootloader?" is one aspect from the non-technical side that I've
> been wondering about.

For the current crop of hardware, it is probably sufficient to add a paragraph to the handbook which tells the user to disable secure boot.

Getting users' self-compiled boot loaders signed with a Gentoo key is probably infeasible.

If you have influence on UEFI secure boot spec, you could suggest that they mandate a UI which lists all boot images known to the EFI boot manager, and the user can easily whitelist both individual loaders and the keys used to sign them.

Best regards,
Chí-Thanh Christopher Nguyễn

