*countable infinities only

Kevin Kofler kevin.kofler at chello.at
Sun Jun 3 10:15:36 UTC 2012

Gregory Maxwell wrote:
> Create a pre-bootloder.  If secureboot is enabled only permitting this
> boot because it's signed with the msft key,  then display the most
> helpful instructions WRT secureboot we can display and then halt.   If
> secureboot is not enabled, pass control to grub.
> This should meet the signing requirements and it removes the opacity
> without locking down any of Fedora.  Such a bootloader should meet
> whatever requirements to get signed, since if secureboot is turned on
> it wont boot anything at all.

I'm not sure that the CA will be willing to sign something that says 
"Secure" Boot is evil and needs to be disabled. And anyway, I think there's 
no point in doing this, a generic "boot failed" or silent fallback to 
another OS (one of which is what the firmware is going to do) is sufficient.

        Kevin Kofler

More information about the devel mailing list