*countable infinities only
mjg59 at srcf.ucam.org
Fri Jun 1 16:45:02 UTC 2012
On Fri, Jun 01, 2012 at 06:16:37PM +0200, Kevin Kofler wrote:
> Adam Jackson wrote:
> > False. Quoting from Matthew's original post:
> > "A system in custom mode should allow you to delete all existing keys
> > and replace them with your own. After that it's just a matter of
> > re-signing the Fedora bootloader (like I said, we'll be providing tools
> > and documentation for that) and you'll have a computer that will boot
> > Fedora but which will refuse to boot any Microsoft code."
> Removing the M$ key is not viable because the firmware on some peripheral
> hardware will be signed only with the M$ key.
"It may be a little more awkward for desktops because you may have to
handle the Microsoft-signed UEFI drivers on your graphics and network
cards, but this is also solvable. I'm looking at ways to implement a
tool to allow you to automatically whitelist the installed drivers."
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the devel