Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

Alan Cox alan at lxorguk.ukuu.org.uk
Fri Jun 1 13:32:20 UTC 2012


> > Verisign is somehow involved since they will receive the payments;  and they  
> > are arguably less biased).  Microsoft/Verisign currently ask $100 for the  
> > signatures.  Every time an attacker's malware is detected and blacklisted,  
> > it would have to pay $100 to a trust broker to get a new signature.
> 
> And how exactly would a piece of hardware have the ability to revoke a  
> certificate?

It's a feature of the hardware design. It was designed into the UEFI
secure boot set up from the start for the same reasons a web browser
needs to be able to revoke keys.

> I do not recall anyone mentioning any OEM that will enable a user to install  
> their own bootloader signing keys, alongside with Microsoft's.

> Can you point me to any OEM that indicated that they will make hardware that  
> implements user-installed keys?

Hopefully there will be enough of an explosion that this changes but it
will probably depend upon competition regulators and lobbying from
supportive politicians in the EU.

> As I said, I've opened a betting pool. Initially, I bet 1,000 quatloos that  
> Fedora's bootloader will not be signed a year down the road, after this  
> whole circus gets running.

If Red Hat have any sense they will take up the offers to get their key
into as many BIOSes as they can and sign with both. That way Microsoft
can't screw them over later even if they want to.

> You really think that any OEM will fight this? Why should they?

If it hurts their business for one, and in order not to be considered
part of a cartel may be another (as whistle blowing a cartel usually
mostly exempts you from damages for it...)

But yes they are in a very tight spot and have this to juggle with and
the fact that there are predictions the Android device market is about to
turn them into the next Nokia.

Alan


