*countable infinities only
ajax at redhat.com
Thu May 31 16:37:54 UTC 2012
On 5/31/12 12:20 PM, Basil Mohamed Gohar wrote:
> On 05/31/2012 12:18 PM, Miloslav Trmač wrote:
>> Remove Microsoft's keys, problem solved.
> Ah, yes, but then you also won't be able to run Fedora, under the
> currently proposed solution. Oops! See how slick the slope is?
False. Quoting from Matthew's original post:
"A system in custom mode should allow you to delete all existing keys
and replace them with your own. After that it's just a matter of
re-signing the Fedora bootloader (like I said, we'll be providing tools
and documentation for that) and you'll have a computer that will boot
Fedora but which will refuse to boot any Microsoft code."
So, yes, you'll need to sign your own bootloader instead, and then you
can run Fedora or whatever else you want. And having done so you will
be running a _more secure_ configuration than your current desktop,
because you can be assured nothing has tampered with your firmware.
Now if you're suggesting Fedora should ship another version of the
shimloader that's signed with a common Fedora key... sure, why not, that
could be nice. The security implications there are mostly equivalent to
the existing rpm signature trust chain I think, though I haven't thought
it through all the way. It _would_ mean that if someone managed to
crack the Fedora key they could root the firmware on all such Fedora
machines, so it's slightly less secure than just doing your own personal
(or site-wide) keys. In any event, the tools exist to have whatever
level of trust you (and the wider Fedora community) want.
But the thesis you're proposing of "Fedora will require a Microsoft
signature to run" is not merely wrong but actively misleading.
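The custom-mode workflow quoted above (delete the vendor keys, enroll your own PK/KEK/db, re-sign the bootloader, verify it against only your own db entry), as an added example that is not from this thread or from Fedora's tooling. It assumes openssl, efitools (`cert-to-efi-sig-list`, `sign-efi-sig-list`) and sbsigntools (`sbsign`, `sbverify`) are installed; the key names, certificate subjects and the `KEYDIR` path are constructed.

```shell
#!/bin/sh
# Constructed example: generate a site-owned Platform Key (PK), Key Exchange
# Key (KEK) and signature database (db) key, build the signed variable updates
# a firmware in custom/setup mode accepts, and re-sign a boot loader with the
# db key so that only binaries signed by *our* key are trusted.
KEYDIR="${KEYDIR:-/tmp/sb-custom-keys}"   # assumed working directory

make_key() {  # $1 = PK, KEK or db; $2 = certificate common name
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 -sha256 \
        -subj "/CN=$2/" -keyout "$KEYDIR/$1.key" -out "$KEYDIR/$1.crt" 2>/dev/null
    # DER copy, the form most firmware setup menus enroll directly
    openssl x509 -in "$KEYDIR/$1.crt" -outform DER -out "$KEYDIR/$1.cer"
}

make_all_keys() {
    mkdir -p "$KEYDIR"
    make_key PK  "Example site Platform Key"
    make_key KEK "Example site Key Exchange Key"
    make_key db  "Example site bootloader signing key"
}

# Signed variable updates: PK is self-signed, KEK is signed by PK,
# db is signed by KEK. A firmware whose db holds only db.crt will reject
# anything signed with the vendor (e.g. Microsoft) keys we did not enroll.
make_efi_updates() {
    GUID="$(uuidgen 2>/dev/null || cat /proc/sys/kernel/random/uuid)"
    for n in PK KEK db; do
        cert-to-efi-sig-list -g "$GUID" "$KEYDIR/$n.crt" "$KEYDIR/$n.esl"
    done
    sign-efi-sig-list -k "$KEYDIR/PK.key"  -c "$KEYDIR/PK.crt"  PK  "$KEYDIR/PK.esl"  "$KEYDIR/PK.auth"
    sign-efi-sig-list -k "$KEYDIR/PK.key"  -c "$KEYDIR/PK.crt"  KEK "$KEYDIR/KEK.esl" "$KEYDIR/KEK.auth"
    sign-efi-sig-list -k "$KEYDIR/KEK.key" -c "$KEYDIR/KEK.crt" db  "$KEYDIR/db.esl"  "$KEYDIR/db.auth"
}

# Re-sign a PE boot loader (shim, for instance) with the db key.
resign_loader() {  # $1 = unsigned/vendor-signed binary, $2 = output path
    sbsign --key "$KEYDIR/db.key" --cert "$KEYDIR/db.crt" --output "$2" "$1"
}

# Check a binary the way our custom-mode firmware would: succeeds only if it
# carries a signature chaining to db.crt, so a vendor-signed loader fails here.
verify_loader() {  # $1 = PE binary
    sbverify --cert "$KEYDIR/db.crt" "$1" >/dev/null 2>&1
}

# Stand-alone run (opt in, since efitools may be absent): SB_DEMO=1 ./script.sh
if [ "${SB_DEMO:-0}" = 1 ]; then make_all_keys && make_efi_updates; fi
```

The `.auth` files are what you enroll (db first, then KEK, then PK, since writing PK leaves setup mode); keep the PK and KEK private keys offline, as compromise of the db key alone is what the post's "crack the Fedora key" scenario amounts to for a shared key.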