Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
Sam Varshavchik
mrsam at courier-mta.com
Fri Jun 1 11:11:13 UTC 2012
Thibault NĂ©lis writes:
> On 06/01/2012 09:46 AM, Alan Cox wrote:
>> Out of support releases are also an interesting problem. If a hole is
>> found they need to revoke the key. If they do that the users machine is
>> crippled. It's potentially a criminal matter in many EU states as well so
>> whoever issues the revocation could end up in jail. Nobody is really too
>> sure. This is all untested waters.
>
> If we're talking about the kernel, one can always make the boot loader
> prompt the user whether it wants to continue without the assurance of a safe
> boot,
You are assuming that Microsoft will sign a bootloader with such
functionality.
I would not take that bet.
>> It will be up to the Fedora Board to stop Red Hat corrupting the goals of
>> the Fedora project in this way - or if they won't for people who dislike
>> it to dump Fedora - particularly package maintainers.
>
> That would be, well, extreme. Say if legally OEMs are bound to empower the
> user to manage the keys in the firmware, would you still advocate against
> the use of the technology?
No.
> Now, users who buy machines with Windows pre-installed should expect their
> firmware to include Microsoft's key, and should be aware that they can add
> theirs legally. If they don't want to use Windows and don't want the
> trouble of setting up keys they should either:
>
> (a) Buy from an OEM which builds machines with their OS of choice pre-
> installed, including a secure boot key for it,
>
> (b) Ask an OEM for a machine without any OS (if you install the OS yourself
> then you should be responsible for installing the key as well),
>
> (c) Fight an OEM which pre-installs Windows to add a new key, possibly a set
> of keys from unbiased trust brokers that can distribute certificates
> (bootloader shims) to your OS of choice to make it more realistic.
How about buying a laptop or a PC that will boot any damn OS you want,
without all this cockamamie crap?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120601/c8553b25/attachment.sig>
More information about the users
mailing list