*countable infinities only
pjones at redhat.com
Thu May 31 16:22:44 UTC 2012
On 05/31/2012 12:11 PM, Gerry Reno wrote:
> This is a monopolistic attack disguised as a security effort.
The argument that it's a security effort is bolstered in many vendors eyes
by the existence of attacks in the wild which Secure Boot would prevent.
As a practical matter, I'm going to go on calling it "Secure Boot", not
to express disagreement with your position or agreement with theirs, but
because I value the efficacy of communication afforded me by using the same
terms as the specification and nearly everybody else who talks about the
> The highly restrictive technological approach that has been taken needs to
> bechallenged in the courts.
If you see a legal challenge to MS requiring secure boot to be enabled with
their keys in order to ship systems with their trademarked logo on it, you're
at your leisure to follow through on that. I'll make no attempt to stand in
your way. I look forward to keeping track of your progress on this matter.
> I'd rather see Microsoft users have to attach a dongle to their system to
> getthe "security" that they need.
I don't think that would solve the problem in question as people would just
leave the dongle attached at all times in order to satisfy the convenience of
operation that users currently require of their hardware, which is a driving
force in the market, and thus no resilience against the aforementioned attacks
would be gained.
That being said, that's not the problem *we* need to solve. The problem we need
to solve is this:
Next year if we don't implement some form of Secure Boot support, the majority
of Fedora users will not be able to install Fedora on new machines.
For reasons Matthew explained in his post, we've done a very large amount of
work trying to find options that were practicable, and right now the best
option we see is the one he described. You're welcome to disagree, but I
ask that you'd do so constructively.
More information about the devel