*countable infinities only

Gerry Reno greno at verizon.net
Fri Jun 1 01:20:31 UTC 2012

On 05/31/2012 09:14 PM, Kevin Kofler wrote:
> Chris Adams wrote:
>> - Secure boot is required to be able to be disabled on x86 (the only
>> platform Fedora will support it).
> And this is exactly why we should just require our users to disable it!
> I don't see any advantage at all from supporting this "feature", just 
> problems:
> * extra restrictions added to GRUB and the kernel to comply with the 
> "security" (lockout) requirements. Even if they're all conditional on 
> "secure" boot being enabled (are they really?), that still means extra code 
> which can cause extra breakage even when running in normal mode (the one 
> every Free Software user should be using).
> * possible GPL violation. Did Red Hat Legal have a look at the plans 
> already? Are they sure they're compliant with the GPL, v2 when it comes to 
> the kernel, v3 when it comes to GRUB 2? (What's sure is that they aren't 
> compliant with the spirit of the GPL, whatever version!)
> * ineffectiveness of the added restrictions: Can't you still bring up a 
> "Blue Pill" with a Window$ VM even with only unsigned userspace apps? And if 
> we don't even allow those, where's the freedom?
> * exercising your freedom to change the kernel (or even just to load an out-
> of-tree module!) requires you to disable "Secure" (Restricted) Boot anyway, 
> so why support the restricted mode? (As much as I hate proprietary drivers, 
> you can definitely expect a horde of their users showing up at your door 
> with a pitchfork…)
> * implicit endorsement of M$ and their signature racket (including a 
> monetary payment to their racketing partner Veri$ign – was that already 
> made?). It might even lead M$ to drop the requirement to allow disabling 
> "Secure" Boot (or even invert it into a prohibition as on ARM!), arguing 
> that "Linux" (sic, should be GNU/Linux) supports it too anyway.
> * dependence on the racket, which can change its terms at any moment.
> Just saying "disable 'Secure' Boot in the BIOS" is the easiest solution to 
> the problem. I remember the days where one had to disable "Plug&Play 
> Operating System" in the BIOS to get GNU/Linux to boot at all on some 
> machines, it didn't cause any real problems.
>         Kevin Kofler

Agree 100%.

This whole signature racket is the proverbial camel's nose under the tent which will eventually lead to Linux being
ejected from x86 hardware.


More information about the devel mailing list