Fedora ARM and SecureBoot
przemek.klosowski at nist.gov
Thu Jun 7 17:14:57 UTC 2012
What is Fedora ARM planning to do about the upcoming Microsoft hardware
certification spec requiring Secure Boot? By the spec, there must be a
way to disable it on x86, but on ARM they expressly prohibit turning it
off. I guess the current Fedora/RedHat stance, as explained by Matthew
Garrett, is to obtain a MS certificate covering x86 and presumably ARM
kernels from Fedora, but this doesn't help respins and mods and even
custom kernels---more likely on ARM because of the its relative newness
and faster pace of development.
People pointed out that MS hardware requirements for ARM don't have
anwhere near the market coverage/importance as in the x86 sector, so
they argue that it's OK to ignore the issue. Indeed, currently majority
of ARM hardware just doesn't care about MS, but Secure Boot is a
reflection of the industry trend seeking more security (*) so it's
conceivable that more digital signing is in ARM's future, too.
So, what is the current thinking?
(*) this is true whether one agrees with it or not, and whatever one
thinks about SecureBoot technical merit.
More information about the devel