On Wed, Jun 06, 2012 at 09:56:07PM +1000, Scott Ferguson wrote: > the only things stopping Debian from getting a key is that not many > manufacturers would use it
They wouldn't have to: they have to trust anything signed with a private key that MS/Versign hold, so if Debian paid the 99$ and got a bootloader signed, it would be trusted. The manufacturers would not need to do any extra work. > and it'd require resources to manage and maintain, something better suited to > a commercial enterprise. That's the big deal. Fedora seem to believe they can manage maintaining closed and signed bootloaders, kernel and kernel modules. That would be very difficult to achieve in Debian. A more interesting approach might be to maintained a locked-down install image chain which offered, as a very early installer option, to disable the secure boot BIOS setting on your behalf. From then onwards you could run whatever you like. Whether or not that will be generally possible, I don't know. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120606135619.GB22416@debian
