On 06/06/2012 09:45, Bruce Cran wrote: > On 06/06/2012 08:32, Matthew Seaman wrote: >> On deeper thought though, the whole idea appears completely unworkable. >> It means that you will not be able to compile your own kernel or >> drivers unless you have access to a signing key. As building your own >> is pretty fundamental to the FreeBSD project, the logical consequence is >> that FreeBSD source should come with a signing key for anyone to use.
> It just means that anyone wishing to run their own kernels would either
> need to disable secure boot, or purchase/create their own certificate
> and install it.
Indeed. However disabling secure boot is apparently:
* too difficult for users of Fedora
* not possible on all platforms (arm based tablets especially)
and purchasing your own certificate currently means paying $99 to
Microsoft, or else getting a key from the hardware manufacturer (which I
very much suspect will not be free either).
While I would expect the typical FreeBSD user to be quite capable of
disabling secure boot, I know that this is something that will result in
realms of questions by new users, alarmist claims that "FreeBSD is not
secure" and general glee amongst the "FreeBSD is dying" crowd.
This is just another misconceived DRM scheme and suffers from all the
same old flaws.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
signature.asc
Description: OpenPGP digital signature
