On Fri, Jun 15, 2012 at 09:26:07AM +0200, Michał Górny wrote:
> On Thu, 14 Jun 2012 21:56:04 -0700
> Greg KH <gregkh@g.o> wrote:
>
> > On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> > > On 15 June 2012 09:58, Greg KH <gregkh@g.o> wrote:
> > > > So, anyone been thinking about this? I have, and it's not pretty.
> > > >
> > > > Should I worry about this and how it affects Gentoo, or not worry
> > > > about Gentoo right now and just focus on the other issues?
> > >
> > > I think it at least makes sense to talk about it, and work out what
> > > we can and cannot do.
> > >
> > > I guess we're in an especially bad position since everybody builds
> > > their own bootloader. Is there /any/ viable solution that allows
> > > people to continue doing this short of distributing a first-stage
> > > bootloader blob?
> >
> > Distributing a first-stage bootloader blob, that is signed by
> > Microsoft, or someone, seems to be the only way to easily handle this.
>
> Maybe we could get one such blob for all distros/systems?
>
> Also, does this signature system have any restrictions on what is
> signed and what is not? In other words, will they actually sign a blob
> saying 'work-around signatures' on the top?

It is uncertain at the moment what the requirements are, I'm trying to
nail this down. But, in order to protect all other companies, I imagine
they are going to be pretty restrictive, otherwise it really makes no
sense at all to have this in the first place.

greg k-h