Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

Sam Varshavchik mrsam at courier-mta.com
Sat Jun 2 20:19:59 UTC 2012 

Thibault NĂ©lis writes:

> On 06/02/2012 04:34 AM, Sam Varshavchik wrote:
>>> Well the math doesn't compute here, it's cryptographically impossible.
>>> I mean you could sign a shim that won't verify the integrity of the boot
>>
>> There you go.
>
> Look I can't really go on on that.  You seem to imply that this is a bad  
> thing.  I simply say that it doesn't make sense to want this in the first  
> place.  I don't know what to say.

But I thought that this was the plan of action, isn't it? Sign a shim that  
boots Fedora. Presto, secured boot, with Microsoft's blessing.

So, did you just change your mind, and realize that:

1) It makes no sense, and

2) Microsoft is not going to sign a shim that will boot an arbitrary Linux  
kernel, which can be trivially used to bypass the protection that a secured  
boot offers to their non-free OS?

?

>> Actually, it makes perfect sense. This is analogous to client
>> certificate verification with TLS.
>>
>>> mean it's not even a real catch-22, you won't ever boot the kernel
>>> before the firmware, so this is a non-issue.
>>
>> You need to put yourself into Microsoft's frame of mind.
>>
>> They're going in the direction of OEMs locking down their firmware to
>> booting only Microsoft OSes. Now, the other shoe drops. In turn, some
>> future Microsoft OS release will only boot on firmware that's signed by
>> Microsoft's key. If it's not, the OS will refuse to boot, displaying a
>> soothing message to the user that their hardware is incompatible.
>>
>> To make it compatible, OEMs will have to pay the same $99 fee for
>> Microsoft to sign their firmware.
>>
>> Now you get it?
>
> Yes, you're right, it does make sense.  That would be considered blackmail

Somehow, I don't think they'd care how it's called, on this mailing list.
 
> though, at least if these OEMs don't have the option to abandon Microsoft to  
> sell their products to competitors.  Could they even get away with it?

Who would stop them?

> Anyway, this would only affect OEMs and Windows users who want to install  
> their copy of Windows on machines they assemble themselves (or in any way  
> non-approved by Microsoft).

Which includes install into a virtual machine that did not pay the Microsoft  
tax. That would include KVM.

>                              Do we really care about them?

Well, in the same way you'd care about someone sitting on the side of the  
road, all bloodied up, next to flaming, smoking wreck. You don't know them.  
They're of no personal interest to you. Still, as a human being, you would  
care somewhat. Maybe just a little. That's one of the things that makes you  
human.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120602/d996d93a/attachment.sig>

More information about the users mailing list