Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

[Thibault Nélis]

On 06/01/2012 02:40 PM, Sam Varshavchik wrote:
>> they can't possibly review all the software that could follow the boot
>> loader down the chain,
>
> They won't have to. Once they have a signing key that boots their
> current Windows OS, they have no further need for a certification
> process. What value added benefit does it bring to them?

For now, they avoid public outrage and keep control.  I personally 
believe there will be other players in that game in the future, because 
there's a potential market for trust brokers between the OEMs and the OS 
distributors.  If that's true, Microsoft will simply be ahead of 
everyone else and by feeding the mouths of everyone now they delay the 
necessity for other businesses to take parts of that market.  I could be 
wrong, but at least it makes sense, and since they *do* sell these 
certifications and act all "we're the good guys", this explanation 
doesn't seem far off.

I agree it's not ideal, so we must still demand for alternatives to 
Microsoft, preferably unbiased, now.

I don't think there is much information on the exact nature of the 
relationship between Microsoft and Verisign.  It's weird that Microsoft 
wouldn't get a penny out of it, especially since they host the platform, 
so Verisign must be paying back a good share.  Or maybe I'm looking at 
it the wrong way and it's not about money, but..  well it usually is.

>> because it includes big monolithic kernels, so they have to trust the
>> people who develop the software instead of the software itself.
>
> No, they don't have to trust anyone. Who says that Microsoft must trust
> a bunch of hippies?
>
> Hahaha.
>
>>> How about buying a laptop or a PC that will boot any damn OS you want,
>>> without all this cockamamie crap?
>>
>> Well any computer *will* boot any damn OS, just add a key, or don't
>> use the technology.
>
> Again, you're assuming that I will be able to add my own key.
>
> All I've heard is that OEMs will have a physical kill switch, to turn
> off secure boot.
>
> Where can I read some big name OEM's announcement of a board that will
> accept user-generated keys?
>
> Please prove me wrong. Where can I get the details of those plans?

Well I don't see why Matthew Garrett would lie about that in his article 
(we all read his post right?).  Maybe I trust his word too easily, or 
maybe his source is wrong, but I certainly think he's way more informed 
about the situation than any of us.  You're right in that we should wait 
to see it formally announced by the OEMs before shouting victory though, 
but I kind of got from the vibe that it was a sure thing, so I don't 
think we should worry about that too much until the situation changes, 
hoping that it won't.

> And would you care to take my bet, for 1,000 quatloos, that Microsoft's
> certification program will be a farce? They'll sign Oracle's key, that
> can only boot Solaris, sure. They may very well sign an RHEL key, that
> will boot a locked-down RHEL.

A $100 farce?  At that price, they are *clearly* targeting very small 
players.  I know it doesn't help that their site has been down since the 
beginning of this discussion, we can't really evaluate, but I got the 
feeling that Fedora's decision to use Microsoft's services was informed 
and not just thrown in the wild, so they presumably know for sure that 
they can get it.

So yeah, okay, trekker, I take the bet, they get the key.  :)

> An open Fedora? Not going to happen.

Ah come on, it's not the end yet.
-- 
t