*countable infinities only
Scott Schmit
i.grok at comcast.net
Fri Jun 1 22:32:05 UTC 2012
On Fri, Jun 01, 2012 at 09:52:20AM +0300, Nicu Buculei wrote:
> On 05/31/2012 05:13 PM, Chris Adams wrote:
> >
> >Please don't spread FUD like this. You are wrong for a couple of
> >reasons:
> >
> >- Secure boot is required to be able to be disabled on x86 (the only
> > platform Fedora will support it).
> >
> >- Users can generate their own keys, enroll them in the secure boot
> > firmware, and use those keys to sign their kernels.
>
> I am not sure I fully understand the technical part about UEFI so
> please make it clear for me: I can generate my own keys, enroll them
> in the secure boot firmware and then *continue* using the machine in
> a *dual boot* with Windows 8?
Yes, as long as you don't remove the MS key. If you do, Windows won't
boot (and neither will Fedora until you sign it with your key).
> The presence on my own boot keys will make Windows 8 unbootable on
> that machine or not?
The hardware is not MS-centric -- it will boot using any trusted key
without prejudice.
I doubt that Windows will refuse to boot just because other trusted keys
are present. I don't know enough about the interface between the secure
boot firmware and OS to know if the OS can even tell what trusted keys
are available. I know that the OS can't update the trusted key set
itself -- that must be done by the user via the firmware directly.
The OS can update the blacklists without the user's help, however (but
the update must be signed with a trusted key).
--
Scott Schmit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4138 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20120601/48ff344a/attachment.bin>
More information about the devel
mailing list