On 2012-06-15 7:56 AM, Greg KH wrote: > Distributing a first-stage bootloader blob, that is signed by Microsoft, > or someone, seems to be the only way to easily handle this.
Fedora agrees: http://mjg59.dreamwidth.org/12368.html Other distros haven't decided yet afaik although there have been some discussions. > Also, some people might really want to sign their own bootloader and > kernel, and kernel modules (myself included) Yes, that is the goal we should try to achieve, i.e. to give the option to our users to sign all the way to userland. > Oh, and on the first-stage bootloader front, I already know of 2 simple, > and open source, examples that will work for Linux, so getting something > like that signed might not be very tough. It's the "where does the > chain-of-trust stop" question that gets tricky... Exactly. Do you have any concrete proposals? -- Eray Aslan <e...@gentoo.org>
signature.asc
Description: OpenPGP digital signature
