Gentoo Archives: gentoo-dev

From: Richard Yao <ryao@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Killing UEFI Secure Boot
Date: Wed, 20 Jun 2012 01:35:47
In Reply to: Re: [gentoo-dev] Killing UEFI Secure Boot by Rich Freeman
On 06/19/2012 09:25 PM, Rich Freeman wrote:
>> In theory, the kernel could be modified to only execute signed binaries >> and portage could be modified to produce signed binaries. The user could >> build a system that required everything to be signed with the private >> key of his choice. A hardened system that required signed binaries would >> be even more secure than a typical system using Secure Boot where only >> the bootloader, kernel and kernel modules are signed. The user would be >> in full control of his hardware. The user would not need to pay for this >> and the system would also boot faster. > > You can do all of this with the UEFI firmware that will come with your > computer already. Why replace it?
We would gain a faster boot process. We would also enable people to avoid paying money for keys that can be revoked without a refund. I would rather people make donations to the Gentoo Foundation voluntarily than to Verisign out of necessity, but that is just me.


Subject Author
Re: [gentoo-dev] Killing UEFI Secure Boot Rich Freeman <rich0@g.o>