Gentoo Archives: gentoo-dev

From: Florian Philipp <lists@×××××××××××.net>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 07:55:23
In Reply to: [gentoo-dev] Re: UEFI secure boot and Gentoo by Duncan <>
Am 15.06.2012 06:50, schrieb Duncan:
> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted: > >> So, anyone been thinking about this? I have, and it's not pretty. >> >> Should I worry about this and how it affects Gentoo, or not worry about >> Gentoo right now and just focus on the other issues? >> >> Minor details like, "do we have a 'company' that can pay Microsoft to >> sign our bootloader?" is one aspect from the non-technical side that >> I've been wondering about. > > I've been following developments and wondering a bit about this myself. > > I had concluded that at least for x86/amd64, where MS is mandating a user > controlled disable-signed-checking option, gentoo shouldn't have a > problem. Other than updating the handbook to accommodate UEFI, > presumably along with the grub2 stabilization, I believe we're fine as if > a user can't figure out how to disable that option on their (x86/amd64) > platform, they're hardly likely to be a good match for gentoo in any case. >
As a user, I'd still like to have the chance of using Secure Boot with Gentoo since it _really_ increases security. Even if it means I can no longer build my own kernel.
> ARM and etc could be more problematic since MS is mandating no-unlock > there, last I read. I have no clue how they can get away with that anti- > trust-wise, but anyway... But I honestly don't know enough about other > than x86/amd64 platforms to worry about it, personally. >
I guess anti-trust is not an issue since MS is not even close to having a monopoly in ARM. Regards, Florian Philipp


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-dev] Re: UEFI secure boot and Gentoo Walter Dnes <waltdnes@××××××××.org>
Re: [gentoo-dev] Re: UEFI secure boot and Gentoo "Michał Górny" <mgorny@g.o>