Gregory Maxwell gmaxwell at gmail.com
Sat Jun 2 19:28:03 UTC 2012

On Sat, Jun 2, 2012 at 12:36 PM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> Per spec the machine simply falls back to attempting to execute the next
> entry in the boot list. An implementation may provide some feedback that
> that's the case, but there's no requirement for it to do so, so it's
> perfectly valid for it to just fall back to booting Windows with no
> notification.

If the issue were just the opaque and unpredictable behavior on
failure this could be addressed without signing any of the
distribution proper.

Create a pre-bootloader.  If secureboot is enabled only permitting this
boot because it's signed with the msft key,  then display the most
helpful instructions WRT secureboot we can display and then halt.   If
secureboot is not enabled, pass control to grub.

This should meet the signing requirements and it removes the opacity
without locking down any of Fedora.  Such a bootloader should meet
whatever requirements to get signed, since if secureboot is turned on
it won't boot anything at all.

I strongly encourage this mode to be created and included with Fedora
even if it goes down the route of locking down the operating system... so
when people do replace their bootloaders/kernels they're not just
stuck booting into Windows or getting a black screen.
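
The decision such a pre-bootloader would make, as an added example that is not part of the original post or of any Fedora code. It models the firmware's `SecureBoot` and `SetupMode` variables with a hypothetical `struct efi_var`; the `grub_load_ok` fallback and the handling of missing or malformed variables are assumptions of this sketch.

```c
/* Added example: models the decision logic only; a real stub would read the
   variables with the UEFI GetVariable runtime service. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One UEFI global variable as read from firmware (values here are constructed).
   found == 0 models EFI_NOT_FOUND, e.g. firmware without Secure Boot support. */
struct efi_var { int found; size_t size; uint8_t data[4]; };

enum action { CHAINLOAD_GRUB, SHOW_HELP_AND_HALT };

/* SecureBoot and SetupMode are defined as single bytes holding 0 or 1. */
static int var_is_one(const struct efi_var *v)
{
    return v->found && v->size == 1 && v->data[0] == 1;
}

/* Firmware enforces signatures when SecureBoot == 1 and SetupMode != 1.
   Assumption: a missing or malformed variable is treated as "not enforcing". */
int secure_boot_enforcing(const struct efi_var *secure_boot,
                          const struct efi_var *setup_mode)
{
    return var_is_one(secure_boot) && !var_is_one(setup_mode);
}

/* grub_load_ok models the result of asking firmware to load GRUB; it is only
   consulted when enforcement looked off. If the load is refused anyway, the
   user still gets the help screen instead of a silent fallback. */
enum action decide(const struct efi_var *secure_boot,
                   const struct efi_var *setup_mode, int grub_load_ok)
{
    if (secure_boot_enforcing(secure_boot, setup_mode))
        return SHOW_HELP_AND_HALT;
    return grub_load_ok ? CHAINLOAD_GRUB : SHOW_HELP_AND_HALT;
}

int main(void)
{
    struct efi_var on = {1, 1, {1}}, off = {1, 1, {0}}, missing = {0, 0, {0}};
    printf("enforcing: %d\n", decide(&on, &off, 1));          /* help and halt */
    printf("legacy fw: %d\n", decide(&missing, &missing, 1)); /* chainload */
    return 0;
}
```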

