*countable infinities only
pjones at redhat.com
Mon Jun 18 12:54:08 UTC 2012
On 06/18/2012 01:17 AM, Seth Johnson wrote:
> On Mon, Jun 18, 2012 at 1:15 AM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
>> On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote:
>>> The game is now just about over. What if one day, Microsoft
>>> makes it even harder to install Fedora without a Microsoft
>>> controlled key? What if, as has already happened with ARM,
>>> Microsoft refuses to grant Fedora a special key?
>> Microsoft has not refused to grant Fedora a key for ARM.
> Oh please.
It's very difficult to see what your argument is from those two words. Just
to be clear, and to expand on Matthew's (quoted) response, at this time
there's no reason to believe the ability to get a signed bootloader on ARM
will be any different than on x86. *We*, Matthew and I, have chosen to
extend a proposal which excludes Fedora from this process on ARM machines
due to our belief that users should have ultimate control of their systems.
That control must include replacing all of the Secure Boot keys - PK, KEK,
DB, and DBX. We don't believe we can reasonably support a Free Software
platform on machines without that functionality, and so we've opted not to
bring a proposal which would include supporting that platform.
There's every indication that were we to so choose, Microsoft would happily
sign our binaries and allow us to boot on Secure Boot constrained ARM
machines at no additional cost. We believe that without the guarantee that
you can disable Secure Boot or use your own chain of trust, it isn't a
platform we can or should support.
More information about the devel