On Thu, Jun 7, 2012 at 1:46 AM, Miles Bader <[email protected]> wrote: > Scott Ferguson <[email protected]> writes: >>>> You can't disable the code signing requirement on ARM. >>> >>> ... which is a great deal more worrying. >> >> Yes. And no. >> I'd hate to see a situation where it was impossible to buy an ARM (or >> other CPU based board) without UEFI that can be disabled - but I support >> devices that can be made to *only* run signed code *provided* MS is >> *not* the certificate agency. > > Would that mean anybody who wants to build their own kernel would need > to buy a signing key?
Not at all. You can generate your own key and load it into your UEFI. It's no different a situation than using self-signed ssl certs without buying one from a certificate authority. There's no need to pay any money to anyone to use the secure boot feature. Is it a hassle? Sure, but you're not beholden to any 3rd party regardless. -- Chris -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/caoevnyts_avjvs-2bkaka5aacblnat4cp0m_ax9y3c2jnmn...@mail.gmail.com
