Need more info: UEFI Secure Boot in Fedora
Edward M
edwardm1 at live.com
Thu May 31 12:22:36 UTC 2012
On 05/31/2012 03:31 AM, Alan Cox wrote:
>> If there are better options then we haven't found them. So, in all
>> probability, this is the approach we'll take. Our first stage bootloader
>> will be signed with a Microsoft key.
> Why sign it at all. Also if the boot loader was signed it wouldn't be
> allowed to load anything else unsigned at OS level or allow users to
> install device drivers which might then take privileged control of the
> system. So goodbye Nvidia driver for example. It also takes you into the
> question at that point of whether a signed kernel with no key violates
> GPLv2, which seems quite possible.
I read Matthew Garrett blog and he is leading towards implementing
signing the first bootloader with an ms key. Was not aware of the
negtivity by doing that can bring.
garretÅ› blog:
http://mjg59.dreamwidth.org/12368.html
>> will I need to pay $99 to use linux,etc. what about other distros?
>> I know will be speculating at this point but wondering what could be the
>> reprecussions if this method is taken?
> The most recent state of affairs appears to be that for x86 (but *not*
> at the last checkj ARM) devices it's a requirement of the windows 8 logo
> and "secure" boot that it can be disabled just as things like the TC can.
Then i should be not be concerned.
>
> What is needed then is to make sure its well documented and standardised
> how people turn it off. This isn't just a Linux thing, its an old windows
> thing, its a DOS thing, its a BSD thing, etc
>
> As an end user the most effective thing anyone can do faced with a board
> that has secure boot and it's not immediately obvious how to disable it
> is to email and phone the suppliers tech support and pursue them
> repeatedly until they give an answer. That will generally speaking exceed
> their profit margin on the board by quite a bit so will make them very
> keen to document it clearly for future users.
>
> Alan
>
>
Thanks for the reply and clearing the confusion.
and to make sure future boards i buy lets users disable secure boot.
More information about the users
mailing list