Fedora ARM and SecureBoot

Peter Robinson pbrobinson at gmail.com
Thu Jun 7 19:40:16 UTC 2012

On Thu, Jun 7, 2012 at 6:14 PM, Przemek Klosowski
<przemek.klosowski at nist.gov> wrote:
> What is Fedora ARM planning to do about the upcoming Microsoft hardware
> certification spec requiring Secure Boot? By the spec, there must be a way
> to disable it on x86, but on ARM they expressly prohibit turning it off. I
> guess the current Fedora/RedHat stance, as explained by Matthew Garrett, is
> to obtain a MS certificate covering x86 and presumably ARM kernels from
> Fedora, but this doesn't help respins and mods and even custom
> kernels---more likely on ARM because of its relative newness and faster
> pace of development.
> People pointed out that MS hardware requirements for ARM don't have anywhere
> near the market coverage/importance as in the x86 sector, so they argue that
> it's OK to ignore the issue. Indeed, currently the majority of ARM hardware just
> doesn't care about MS, but Secure Boot is a reflection of the industry trend
> seeking more security (*) so it's conceivable that more digital signing is
> in ARM's future, too.
> So, what is the current thinking?

The current thinking is wait and see. MS is not a leader in the market
and the route that most vendors are going in the non-MS ARM market is
to allow users to disable the security. From the phone perspective
where it might be a carrier requirement it's not a market we're even
looking at and it's very hard to tell because it's very early in the
MS section of the game anyway. Also at the moment there's lots of very
usable HW which isn't a problem.

