*countable infinities only

Matthew Garrett mjg59 at srcf.ucam.org
Fri Jun 1 16:45:02 UTC 2012

On Fri, Jun 01, 2012 at 06:16:37PM +0200, Kevin Kofler wrote:
> Adam Jackson wrote:
> > False.  Quoting from Matthew's original post:
> > 
> > "A system in custom mode should allow you to delete all existing keys
> > and replace them with your own. After that it's just a matter of
> > re-signing the Fedora bootloader (like I said, we'll be providing tools
> > and documentation for that) and you'll have a computer that will boot
> > Fedora but which will refuse to boot any Microsoft code."
> Removing the M$ key is not viable because the firmware on some peripheral 
> hardware will be signed only with the M$ key.

"It may be a little more awkward for desktops because you may have to 
handle the Microsoft-signed UEFI drivers on your graphics and network 
cards, but this is also solvable. I'm looking at ways to implement a 
tool to allow you to automatically whitelist the installed drivers."

Matthew Garrett | mjg59 at srcf.ucam.org

More information about the devel mailing list