Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

[Thibault Nélis]

On 06/02/2012 10:19 PM, Sam Varshavchik wrote:
> But I thought that this was the plan of action, isn't it? Sign a shim
> that boots Fedora. Presto, secured boot, with Microsoft's blessing.
>
> So, did you just change your mind, and realize that:
>
> 1) It makes no sense, and
>
> 2) Microsoft is not going to sign a shim that will boot an arbitrary
> Linux kernel, which can be trivially used to bypass the protection that
> a secured boot offers to their non-free OS?

We're really talking about different things here I believe;  from my 
point of view, I see you asking the question "When will a universal key 
that can boot any kernel?" in a very rhetorical way, as in, it will 
never happen because either the system is broken or Microsoft won't 
allow it (I'm not sure what you meant exactly, but I'm pretty sure it's 
one of those, correct me if I'm wrong).

However, I argue that asking the question is a little wrong;  if such a 
key would exist, secure boot would lose its purpose, and thus we 
shouldn't even desire such a key.  But I'm kind of certain that you 
understand that very well already, which is why I'm out of words.

In my opinion, a better question would be "When will alternative 
organizations to Microsoft will appear to offer the same services?", and 
with that one I'd actually worry they might never come, even though we 
need them.

>> Yes, you're right, it does make sense. That would be considered blackmail
>
> Somehow, I don't think they'd care how it's called, on this mailing list.

Believe me I truly realize how broken the legal system is, in pretty 
much every country currently.  I'm just hoping there are a few laws that 
can be interpreted in a way that could recognize this as what it is 
[blackmail].

>> though, at least if these OEMs don't have the option to abandon
>> Microsoft to sell their products to competitors. Could they even get
>> away with it?
>
> Who would stop them?

I don't exactly know;  the SFLC, the EFF, the FSF, or heck, maybe the 
OSI (as I pointed out already they're kind of looking for things to do 
ATM apparently).  If they start using secure boot in higher APIs, 
especially in the web for hypothetical applications that would require 
secure boot (as discussed in another branch of this thread), then the 
many privacy activism organizations could jump on board too.  You've got 
to believe, there's still a lot of good people out there!

>> Do we really care about them?
>
> Well, in the same way you'd care about someone sitting on the side of
> the road, all bloodied up, next to flaming, smoking wreck. You don't
> know them. They're of no personal interest to you. Still, as a human
> being, you would care somewhat. Maybe just a little. That's one of the
> things that makes you human.

Yes, you're totally right, I didn't really mean it that way.  I was 
merely trying not to "go there" because that opens an entirely new 
debate (that's not uninteresting at all, just potentially very long).  I 
should have been either more subtle or more explicit about it, that was 
just ambiguous.
-- 
t