On Thu, 2012-06-07 at 15:16 -0500, Chris Adams wrote:
Once upon a time, Adam Jackson ajax@redhat.com said:
If there are ARM machines where UEFI and Secure Boot are available, we're going to have tools to do your own trust database management anyway, so why would supporting them be any different from doing the same on x86?
For Windows 8 certification on ARM, Microsoft is going to require UEFI with Secure Boot enabled _and_ no method for users to disable Secure Boot or enroll their own keys (the opposite of x86 where they require a disable method and custom key enrollment support).
And? I wasn't speaking to "we should sign our arm images with Microsoft's key", I was speaking to "we should support Secure Boot on arm". If someone wants to build an arm machine with SB support capable of running non-Windows operating systems, why would we not want to run there, and why would enabling that look any different from self-signing an x86 machine?
- ajax