Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

Sam Varshavchik mrsam at courier-mta.com
Fri Jun 1 11:11:13 UTC 2012


Thibault NĂ©lis writes:

> On 06/01/2012 09:46 AM, Alan Cox wrote:
>> Out of support releases are also an interesting problem. If a hole is
>> found they need to revoke the key. If they do that the users machine is
>> crippled. It's potentially a criminal matter in many EU states as well so
>> whoever issues the revocation could end up in jail. Nobody is really too
>> sure. This is all untested waters.
>
> If we're talking about the kernel, one can always make the boot loader  
> prompt the user whether it wants to continue without the assurance of a safe  
> boot,

You are assuming that Microsoft will sign a bootloader with such  
functionality.

I would not take that bet.

>> It will be up to the Fedora Board to stop Red Hat corrupting the goals of
>> the Fedora project in this way - or if they won't for people who dislike
>> it to dump Fedora - particularly package maintainers.
>
> That would be, well, extreme.  Say if legally OEMs are bound to empower the  
> user to manage the keys in the firmware, would you still advocate against  
> the use of the technology?

No.

> Now, users who buy machines with Windows pre-installed should expect their  
> firmware to include Microsoft's key, and should be aware that they can add  
> theirs legally.  If they don't want to use Windows and don't want the  
> trouble of setting up keys they should either:
>
> (a) Buy from an OEM which builds machines with their OS of choice pre- 
> installed, including a secure boot key for it,
>
> (b) Ask an OEM for a machine without any OS (if you install the OS yourself  
> then you should be responsible for installing the key as well),
>
> (c) Fight an OEM which pre-installs Windows to add a new key, possibly a set  
> of keys from unbiased trust brokers that can distribute certificates  
> (bootloader shims) to your OS of choice to make it more realistic.

How about buying a laptop or a PC that will boot any damn OS you want,  
without all this cockamamie crap?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120601/c8553b25/attachment.sig>


More information about the users mailing list