"Christofer C. Bell" <christofer.c.b...@gmail.com> writes:
>> Would that mean anybody who wants to build their own kernel would need
>> to buy a signing key?
>
> Not at all. You can generate your own key and load it into your UEFI.
> It's no different a situation than using self-signed ssl certs
> without buying one from a certificate authority. There's no need to
> pay any money to anyone to use the secure boot feature. Is it a
> hassle? Sure, but you're not beholden to any 3rd party regardless.
Er, wait, doesn't that mean a malware author could do the same thing?
Or is entering a new key a "manual" process ("type in the 50 hex digit
key")?
Can there be multiple keys (I vaguely recall the article saying there
could only be one key [at MS's insistence]...but not sure if I really
understood what it was saying)?
Thanks,
-miles
--
We have met the enemy, and he is us. -- Pogo
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/877gvisb1u....@catnip.gol.com
