Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
Alan Cox
alan at lxorguk.ukuu.org.uk
Sat Jun 2 19:49:29 UTC 2012
> 3. Create your own keys and sign your own shim/grub2/kernel and remove
> MS'es keys.
And how are you going to add your own keys to the firmware ? There is no
requirement for EFI to support this in anything I've seen so far.
Hopefully everyone will.
Also btw I wouldn't bet on removing the Microsoft key - as it stands you
may find that means all your add on cards stop working. All those with
firmware have to have the firmware signed too (otherwise you'd just
insert a 'f**k you' card with breakout firmware into the box), and those
have to be signed with a key that can be everywhere if the are general
purpose add in cards
While there are still folks thinking evil thoughts along the 'wasn't it
good in pre PC days when we could flog a $30 video card for $600'
PC vendors want their cards to work everywhere. So in practice someone
has to sign their firmware to work with every BIOS which puts them in the
same place as Fedora so they end up being Microsoft signed, kerching $99,
kerching $99...
Remove the MS key and the firmware won't be signed. I doubt you can
re-sign any flash firmware. That's probably only a problem for the
paranoid because any government approved spyware from the FBI etc is
presumably going to use the Microsoft key by default.
Alan
More information about the users
mailing list