On Thu, 2022-08-25 at 23:21 +0100, Steve McIntyre wrote: > On Wed, Aug 24, 2022 at 09:40:24AM +0800, Paul Wise wrote: > > In the future Intel may enable a scenario similar to Secure Boot's > > Machine Owner Key setup, where device owners can add new signing keys. > > > > https://github.com/thesofproject/sof/issues/5814 > > > > In that situation, Debian could sign the audio firmware binaries > > instead and allow users to sign their own modified firmware binaries. > > Yup, that would be a lovely big win!
Unfortunately it seems like they were leaning towards the key enrolment interface being in the UEFI menus, I asked them to allow shim too tho. > I'd prefer us not to get dragged down the "users just need to pick the > right hardware" path. That way potentially lies a (slightly snobbish?) > "you chose wrong, try harder" message that will just push users (and > eventually developers) to other distros. Agreed. We could still promote hardware that works best with Debian somehow, for example on mobile you can run mainline Linux on some phones but the initial setup procedure is so painful that promoting Librem and PinePhone might be better despite their cost/quality issues. https://drewdevault.com/2022/08/25/pmOS-on-xiaomi-poco-f1.html > There are always going to be machines that we can't/won't be able to > support, but when the vast majority of current laptops don't function > sensibly without non-free firmware I think we have to adapt to reality > in supporting our users. Agreed. We could do that with "for most laptops, click here" links that lead to a non-free image section with something like "Please note this image contains and installs proprietary firmware that is needed to make parts of the hardware work and will likely work but is not FOSS and so Debian cannot fix any issues with it ourselves, we have to rely on the firmware vendor to fix any issues reported". For the free platforms we could have "for Raptor Computing, click here" go to the free images. -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
