*countable infinities only
kevin.kofler at chello.at
Sun Jun 3 10:15:36 UTC 2012
Gregory Maxwell wrote:
> Create a pre-bootloder. If secureboot is enabled only permitting this
> boot because it's signed with the msft key, then display the most
> helpful instructions WRT secureboot we can display and then halt. If
> secureboot is not enabled, pass control to grub.
> This should meet the signing requirements and it removes the opacity
> without locking down any of Fedora. Such a bootloader should meet
> whatever requirements to get signed, since if secureboot is turned on
> it wont boot anything at all.
I'm not sure that the CA will be willing to sign something that says
"Secure" Boot is evil and needs to be disabled. And anyway, I think there's
no point in doing this, a generic "boot failed" or silent fallback to
another OS (one of which is what the firmware is going to do) is sufficient.
More information about the devel