Gentoo Archives: gentoo-dev

From: Luca Barbato <lu_zero@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 12:20:19
Message-Id: 4FDB2827.4030009@gentoo.org
In Reply to: Re: [gentoo-dev] UEFI secure boot and Gentoo by "Chí-Thanh Christopher Nguyễn"
1 On 06/15/2012 06:57 AM, Chí-Thanh Christopher Nguyễn wrote:
2 > Greg KH schrieb:
3 >> So, anyone been thinking about this? I have, and it's not pretty.
4 >>
5 >> Should I worry about this and how it affects Gentoo, or not worry about
6 >> Gentoo right now and just focus on the other issues?
7 >>
8 >> Minor details like, "do we have a 'company' that can pay Microsoft to
9 >> sign our bootloader?" is one aspect from the non-technical side that I've
10 >> been wondering about.
11 >
12 > For the current crop of hardware, it is probably sufficient to add a
13 > paragraph to the handbook which tells the user to disable secure boot.
14 >
15 > Getting users' self-compiled boot loaders signed with a Gentoo key is
16 > probably infeasible.
17 >
18 > If you have influence on UEFI secure boot spec, you could suggest that
19 > they mandate a UI which lists all boot images known to the EFI boot
20 > manager, and the user can easily whitelist both individual loaders and
21 > the keys used to sign them.
22 >
23
24 That would be a good compromise.
25
26
27 --
28
29 Luca Barbato
30 Gentoo/linux
31 http://dev.gentoo.org/~lu_zero

Replies

Subject Author
Re: [gentoo-dev] UEFI secure boot and Gentoo Rich Freeman <rich0@g.o>