Fedora ARM and SecureBoot

Andrew Haley aph at redhat.com
Fri Jun 8 15:29:47 UTC 2012

On 06/08/2012 04:24 PM, Adam Jackson wrote:
> On Thu, 2012-06-07 at 15:16 -0500, Chris Adams wrote:
>> Once upon a time, Adam Jackson <ajax at redhat.com> said:
>>> If there are ARM machines where UEFI and Secure Boot are available,
>>> we're going to have tools to do your own trust database management
>>> anyway, so why would supporting them be any different from doing the
>>> same on x86?
>> For Windows 8 certification on ARM, Microsoft is going to require UEFI
>> with Secure Boot enabled _and_ no method for users to disable Secure
>> Boot or enroll their own keys (the opposite of x86 where they require a
>> disable method and custom key enrollment support).
> And?  I wasn't speaking to "we should sign our arm images with
> Microsoft's key", I was speaking to "we should support Secure Boot on
> arm".  If someone wants to build an arm machine with SB support capable
> of running non-Windows operating systems, why would we not want to run
> there, and why would enabling that look any different from self-signing
> an x86 machine?

Forgive me if I'm missing something, but surely the reason we would
not want to run there is that our users would not be able to do so
as well: they wouldn't be able to modify our kernel and run it on
their machine.


More information about the devel mailing list