*countable infinities only
mjg59 at srcf.ucam.org
Mon Jun 18 13:37:35 UTC 2012
On Mon, Jun 18, 2012 at 09:26:23AM -0400, Seth Johnson wrote:
> On Mon, Jun 18, 2012 at 8:59 AM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> > You're still not making it clear what you want. Hardware without secure
> > boot? Hardware with secure boot but a different default policy? Hardware
> > with free firmware that may or may not have secure boot enabled by
> > default?
> Write a new UEFI. No need for a shim. Peter stated what the free
> software UEFI on its own hardware should support: "disable Secure Boot
> or use your own chain of trust." Plus, because you appear to be
> motivated to buy a shim for this reason, write the UEFI so it does not
> make it scary to install in any configuration you use as the empowered
> owner of the device.
Like I said before, the existing UEFI implementations on the existing
hardware will support "Disable Secure Boot or use your own chain of
trust". If you're asking for the ability to install Linux without
requiring signed binaries then presumably you just want a UEFI
implementation that doesn't enforce secure boot by default? Those exist
already, without needing to write a new implementation.
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the devel