On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote: > On Sun, 17 Jun 2012 11:20:38 +0200 > Florian Philipp <li...@binarywings.net> wrote: > > > Am 16.06.2012 19:51, schrieb Michał Górny: > > > On Fri, 15 Jun 2012 09:54:12 +0200 > > > Florian Philipp <li...@binarywings.net> wrote: > > > > > >> Am 15.06.2012 06:50, schrieb Duncan: > > >>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted: > > >>> > > >>>> So, anyone been thinking about this? I have, and it's not > > >>>> pretty. > > >>>> > > >>>> Should I worry about this and how it affects Gentoo, or not worry > > >>>> about Gentoo right now and just focus on the other issues? > > >>>> > > >>>> Minor details like, "do we have a 'company' that can pay > > >>>> Microsoft to sign our bootloader?" is one aspect from the > > >>>> non-technical side that I've been wondering about. > > >>> > > >>> I've been following developments and wondering a bit about this > > >>> myself. > > >>> > > >>> I had concluded that at least for x86/amd64, where MS is mandating > > >>> a user controlled disable-signed-checking option, gentoo shouldn't > > >>> have a problem. Other than updating the handbook to accommodate > > >>> UEFI, presumably along with the grub2 stabilization, I believe > > >>> we're fine as if a user can't figure out how to disable that > > >>> option on their (x86/amd64) platform, they're hardly likely to be > > >>> a good match for gentoo in any case. > > >>> > > >> > > >> As a user, I'd still like to have the chance of using Secure Boot > > >> with Gentoo since it _really_ increases security. Even if it means > > >> I can no longer build my own kernel. > > > > > > It doesn't. It's just a very long wooden fence; you just didn't find > > > the hole yet. > > > > > > > Oh come on! That's FUD and you know it. If not, did you even look at > > the specs and working principle? > > Could you answer the following question: > > 1. How does it increase security?
Non-signed bootloaders and kernels will not run. > 2. What happens if, say, your bootloader is compromised? And how would this happen? Your bootloader would not run. > 3. What happens if the machine signing the blobs is compromised? So, who's watching the watchers, right? Come on, this is getting looney. greg k-h
