On Mon, 18 Jun 2012, Peter Jones <pjo...@redhat.com> wrote:
> On 06/18/2012 11:03 AM, Jay Sulzberger wrote:
>
>>> Microsoft has not refused to grant Fedora a key for ARM.
>>
>> This I do not understand. By reports in the admittedly
>> incompetent magazines dealing with home computers, Microsoft's
>> policy is to keep Fedora, and any other OSes, except for
>> Microsoft OSes, off all Microsoft Certified ARM devices.
>>
>> Perhaps you mean that Fedora has not asked Microsoft for a signing key.
>
> Signing on ARM would use the same key and signing service as x86. We have
> chosen not to pursue this usage due to the inability to disable Secure Boot
> or install your own chain of trust on ARM given the rules they've put
> forward.
>
>> Further questions ad ARM: According to Microsoft, can, in future,
>> "SecureBoot" be disabled on Microsoft Certified ARM devices?
>
> On ARM client devices, no, the current requirements do not allow you to
> disable Secure Boot. I don't think the behavior on server hardware is
> specified yet whatsoever.
>
>> Will the person who walks out of the store with a Microsoft
>> Certified ARM device be able to put their own signing key in?
>> What about the PK?
>
> No, not either.
>
> --
> Peter
Thanks very much Peter.
I am sorry not to have in hand today a proper exposition of my
position. Heaven forwarding, I will get one out soon.
oo--JS.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
