On Wed, Jun 06, 2012 at 03:40:13PM +0100, Laurence Hurst wrote:
> I can see this turning into a support nightmare for Fedora when,
> inevitably, some hardware or firmware comes along which (at least as
> an interim measure until "official" fixes are released) requires the
> use of a newer kernel and/or module, or a patch/rebuild of an
> existing one.
>
> I wonder how they will cope with the likes of nvidia/ati/intel who
> release their own kernel modules and installers outside of the
> distribution ecosystem, which will presumably be unsigned and a lot
> of people seem to use for the [potential/perceived] performance
> benefits.

In both cases, probably "disable secure boot".

> I doubt there will be an easy way to disable the secure boot BIOS
> setting on the users' behalf, even from a signed boot loader, as
> that would just lead to malware finding a way to silently disable it
> to get around it.

Said malware would need to have direct BIOS access and thus be executed
from a 'trusted' environment. 'Trusted' environments should disable
direct hardware access except for signed components.

The question is whether having a program which *intended* to do it for
you could be signed and whether this would pass whatever requirements
you are accepting when you hand over the 99$.

--
Jon Dowland