Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

Sam Varshavchik mrsam at courier-mta.com
Sat Jun 2 02:28:18 UTC 2012 

Thibault Nélis writes:

> On 06/02/2012 12:47 AM, Sam Varshavchik wrote:
>> Who exactly is outraged right now? A bunch of geeks on a mailing list?
>> So what? Who cares?
>
> Again, people have won cases to get their money back over the license of  
> preinstalled Windows copies because they use alternative OSes.  Secure boot

Yes, all five of them.

> [0] Yes, I found it, it was there all along, I guess I didn't look hard  
> enough (or didn't listen properly):  
> http://download.microsoft.com/download/A/D/F/ADF5BEDE-C0FB-4CC0-A3E1- 
> B38093F50BA1/windows8-hardware-cert-requirements-system.pdf [search for  
> secureboot, you'll find it easy enough]

I never said that Microsoft would openly prohibit OEMs from offering an  
option to install user-provided keys.

They key word here is "openly".

>>> I agree it's not ideal, so we must still demand for alternatives to
>>> Microsoft, preferably unbiased, now.
>>
>> We can start by not playing their games.
>
> Exactly, by ignoring them and using the services of other organizations.

Well, that's one unique way to ignore them: it costs $99 to do that.

> Not wanting such services would be equivalent to not wanting secure boot.   
> Everybody can disable it if they don't want it already, but personally I  
> think the technology is nice to have if done right, so it's worth showing  
> the need for alternatives to Microsoft.

Oh, sure, it's nice to have. But, as I stated elsewhere, it's incompatible  
with Microsoft's goals.

>> Not the Fedora key. My bet was on a key that can boot an open Fedora,
>> which can do everything that Fedora can do today, on the same hardware.
>>
>> They might get a key signed to boot a locked-down RHEL. Might. Not a
>> guarantee. There will not, I repeat, NOT, going to be a signed key that
>> boots Fedora, where "Fedora" refers to Fedora as we know it today.
>>
>> The most you're going to get, is a key that will boot Fedora that's been
>> built and signed on Fedora build servers, using this key, that will
>> refuse to load unsigned modules, and with certain Linux kernel features
>> disabled. And nobody, but those build servers, will have the key.
>
> I don't think I follow you, what would be the point of using a key that  
> would boot a version of Fedora that hasn't been built by Fedora build  
> servers?

There are plenty of people who use non-Fedora kernels with the rest of the  
Fedora distribution. Now, I have no reasons to do so myself; and I can't  
think of a typical reason why I'd want to do that; but they surely have  
their own valid reason for doing that.

And, if their hardware required a Microsoft-blessed key to boot a host OS,  
then the whole point of getting one would be to be able to boot their  
machine.

Imagine the gall – wanting to be able to boot a custom kernel.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120601/53a3fe23/attachment.sig>

More information about the users mailing list