*countable infinities only

Peter Jones pjones at redhat.com
Mon Jun 18 15:07:21 UTC 2012


On 06/18/2012 11:03 AM, Jay Sulzberger wrote:

>> Microsoft has not refused to grant Fedora a key for ARM.
>
> This I do not understand.  By reports in the admittedly
> incompetent magazines dealing with home computers, Microsoft's
> policy is to keep Fedora, and any other OSes, except for
> Microsoft OSes, off all Microsoft Certified ARM devices.
>
> Perhaps you mean that Fedora has not asked Microsoft for a signing key.

Signing on ARM would use the same key and signing service as x86. We have
chosen not to pursue this usage due to the inability to disable Secure Boot
or install your own chain of trust on ARM given the rules they've put forward.

> Further questions ad ARM: According to Microsoft, can, in future,
> "SecureBoot" be disabled on Microsoft Certified ARM devices?

On ARM client devices, no, the current requirements do not allow you to
disable Secure Boot. I don't think the behavior on server hardware is
specified yet whatsoever.

> Will the person who walks out of the store with a Microsoft
> Certified ARM device be able to put their own signing key in?
> What about the PK?

No, not either.

-- 
         Peter




More information about the devel mailing list