*countable infinities only

[Adam Jackson]

On 5/31/12 12:20 PM, Basil Mohamed Gohar wrote:
> On 05/31/2012 12:18 PM, Miloslav Trmač wrote:
>> Remove Microsoft's keys, problem solved.
>>      Mirek
> Ah, yes, but then you also won't be able to run Fedora, under the
> currently proposed solution.  Oops!  See how slick the slope is?

False.  Quoting from Matthew's original post:

"A system in custom mode should allow you to delete all existing keys 
and replace them with your own. After that it's just a matter of 
re-signing the Fedora bootloader (like I said, we'll be providing tools 
and documentation for that) and you'll have a computer that will boot 
Fedora but which will refuse to boot any Microsoft code."

So, yes, you'll need to sign your own bootloader instead, and then you 
can run Fedora or whatever else you want.  And having done so you will 
be running a _more secure_ configuration than your current desktop, 
because you can be assured nothing has tampered with your firmware.

Now if you're suggesting Fedora should ship another version of the 
shimloader that's signed with a common Fedora key... sure, why not, that 
could be nice.  The security implications there are mostly equivalent to 
the existing rpm signature trust chain I think, though I haven't thought 
it through all the way.  It _would_ mean that if someone managed to 
crack the Fedora key they could root the firmware on all such Fedora 
machines, so it's slightly less secure than just doing your own personal 
(or site-wide) keys.  In any event, the tools exist to have whatever 
level of trust you (and the wider Fedora community) want.

But the thesis you're proposing of "Fedora will require a Microsoft 
signature to run" is not merely wrong but actively misleading.

- ajax