*countable infinities only
seth.p.johnson at gmail.com
Mon Jun 18 13:43:27 UTC 2012
On Mon, Jun 18, 2012 at 9:37 AM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> On Mon, Jun 18, 2012 at 09:26:23AM -0400, Seth Johnson wrote:
>> On Mon, Jun 18, 2012 at 8:59 AM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
>> > You're still not making it clear what you want. Hardware without secure
>> > boot? Hardware with secure boot but a different default policy? Hardware
>> > with free firmware that may or may not have secure boot enabled by
>> > default?
>> Write a new UEFI. No need for a shim. Peter stated what the free
>> software UEFI on its own hardware should support: "disable Secure Boot
>> or use your own chain of trust." Plus, because you appear to be
>> motivated to buy a shim for this reason, write the UEFI so it does not
>> make it scary to install in any configuration you use as the empowered
>> owner of the device.
> Like I said before, the existing UEFI implementations on the existing
> hardware will support "Disable Secure Boot or use your own chain of
> trust". If you're asking for the ability to install Linux without
> requiring signed binaries then presumably you just want a UEFI
> implementation that doesn't enforce secure boot by default? Those exist
> already, without needing to write a new implementation.
I defer to Jay for now. It seems to me you are seeking permission
from Microsoft or you would not be writing a shim.
More information about the devel