On Fri, Jun 01, 2012 at 09:52:20AM +0300, Nicu Buculei wrote: > On 05/31/2012 05:13 PM, Chris Adams wrote: > > > >Please don't spread FUD like this. You are wrong for a couple of > >reasons: > > > >- Secure boot is required to be able to be disabled on x86 (the only > > platform Fedora will support it). > > > >- Users can generate their own keys, enroll them in the secure boot > > firmware, and use those keys to sign their kernels. > > I am not sure I fully understand the technical part about UEFI so > please make it clear for me: I can generate my own keys, enroll them > in the secure boot firmware and then *continue* using the machine in > a *dual boot* with Windows 8?
Yes, as long as you don't remove the MS key. If you do, Windows won't boot (and neither will Fedora until you sign it with your key). > The presence on my own boot keys will make Windows 8 unbootable on > that machine or not? The hardware is not MS-centric -- it will boot using any trusted key without prejudice. I doubt that Windows will refuse to boot just because other trusted keys are present. I don't know enough about the interface between the secure boot firmware and OS to know if the OS can even tell what trusted keys are available. I know that the OS can't update the trusted key set itself -- that must be done by the user via the firmware directly. The OS can update the blacklists without the user's help, however (but the update must be signed with a trusted key). -- Scott Schmit
smime.p7s
Description: S/MIME cryptographic signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
