*countable infinities only
Kevin Kofler
kevin.kofler at chello.at
Sun Jun 3 10:15:36 UTC 2012
Gregory Maxwell wrote:
> Create a pre-bootloder. If secureboot is enabled only permitting this
> boot because it's signed with the msft key, then display the most
> helpful instructions WRT secureboot we can display and then halt. If
> secureboot is not enabled, pass control to grub.
>
> This should meet the signing requirements and it removes the opacity
> without locking down any of Fedora. Such a bootloader should meet
> whatever requirements to get signed, since if secureboot is turned on
> it wont boot anything at all.
I'm not sure that the CA will be willing to sign something that says
"Secure" Boot is evil and needs to be disabled. And anyway, I think there's
no point in doing this, a generic "boot failed" or silent fallback to
another OS (one of which is what the firmware is going to do) is sufficient.
Kevin Kofler
More information about the devel
mailing list