Gentoo Archives: gentoo-dev

From: "Chí-Thanh Christopher Nguyễn" <chithanh@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 04:58:13
Message-Id: 4FDAC0A2.4070801@gentoo.org
In Reply to: [gentoo-dev] UEFI secure boot and Gentoo by Greg KH

Greg KH wrote:
> So, anyone been thinking about this? I have, and it's not pretty.
>
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
>
> Minor details like, "do we have a 'company' that can pay Microsoft to
> sign our bootloader?" is one aspect from the non-technical side that I've
> been wondering about.

For the current crop of hardware, it is probably sufficient to add a
paragraph to the handbook which tells the user to disable secure boot.

Getting users' self-compiled boot loaders signed with a Gentoo key is
probably infeasible.

If you have influence on the UEFI secure boot spec, you could suggest that
they mandate a UI which lists all boot images known to the EFI boot
manager, and the user can easily whitelist both individual loaders and
the keys used to sign them.


Best regards,
Chí-Thanh Christopher Nguyễn

Replies

Subject Author
Re: [gentoo-dev] UEFI secure boot and Gentoo Luca Barbato <lu_zero@g.o>
Re: [gentoo-dev] UEFI secure boot and Gentoo Greg KH <gregkh@g.o>