Wookey, 2012-01-09 15:04+0100: > I assume evyone here is aware of mjg's useful posts about the issue of > key-management in UEFI secure boot? > > We need to do one of: > > * get our bootloaders signed by something like the 'linuxfoundation key' > if such a thing gets widely installed, > * explain to users how to get the 'debian key' installed > * explain to users how to turn off secure boot. > * Get manufacturers to put the Debian key in machines for sale (or > just make them with Debian(or a deriviative) pre-installed.
Just as a reminder, we must be aware that GRUB images are generated locally on each host. Thus every user would have to have the secret key to sign their boot loader image. -- ,--. : /` ) Tanguy Ortolo <xmpp:tan...@ortolo.eu> <irc://irc.oftc.net/Tanguy> | `-' Debian Developer \_ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jef4ko$9cl$1...@dough.gmane.org
