*countable infinities only
seth.p.johnson at gmail.com
Mon Jun 18 14:04:38 UTC 2012
On Mon, Jun 18, 2012 at 9:56 AM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> On Mon, Jun 18, 2012 at 09:43:27AM -0400, Seth Johnson wrote:
>> On Mon, Jun 18, 2012 at 9:37 AM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
>> > Like I said before, the existing UEFI implementations on the existing
>> > hardware will support "Disable Secure Boot or use your own chain of
>> > trust". If you're asking for the ability to install Linux without
>> > requiring signed binaries then presumably you just want a UEFI
>> > implementation that doesn't enforce secure boot by default? Those exist
>> > already, without needing to write a new implementation.
>> I defer to Jay for now. It seems to me you are seeking permission
>> from Microsoft or you would not be writing a shim.
> Ok so what you mean is "I want a UEFI implementation that doesn't
> require a Microsoft signature to boot"? The options there are currently
> (1) have a Fedora specific key (which we're not doing because it would
> fragment the community) and (2) ship systems without secure boot enabled
> by default. System76 (and possibly others) will be supplying systems
> that provide (2), so that choice is available to you.
To me. We all -- and this notably includes Red Hat -- need to work to
make those other systems viable. That goes beyond my own choices.
More information about the devel