*countable infinities only
Adam Williamson
awilliam at redhat.com
Thu May 31 21:47:05 UTC 2012
On Thu, 2012-05-31 at 16:31 -0400, Gerry Reno wrote:
> On 05/31/2012 04:26 PM, Gregory Maxwell wrote:
> > On Thu, May 31, 2012 at 4:19 PM, Gerry Reno <greno at verizon.net> wrote:
> >> And I'd rather see a User-Controlled implementation rather than a Monopoly-Controlled implementation.
> > SecureBoot is (currently, on x86 but not arm) _also_ user-controlled.
> > The monopoly controlled is just the default.
>
> I guess what I am saying is a User-only controlled implementation. No monopoly implementation needed.
SecureBoot itself is exactly this. It specifies a framework. It just
says, basically, 'hey, if we sign all these bits then we have a trusted
boot path'. It doesn't state who should sign the bits. It doesn't care.
It's Microsoft's Windows 8 Client labelling program that implements the
'monopoly control'. That's the program which requires compliant hardware
to trust the Microsoft signing key.
If you want to Opt Out Of The Monopoly, Man all you have to do is buy
hardware which doesn't comply with Microsoft's program and trust
Microsoft's key. Such hardware will exist.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
More information about the devel
mailing list