On Mon, Feb 25, 2013 at 04:59:55PM -0800, Greg KH wrote:

> Wait right here.  This is NOT mandated by UEFI, nor by anyone else.  It
> might be a nice thing that some people and companies want to implement,
> but please don't think that some external entity is requiring that Linux
> implement this, that is not true.

Oh, come on Greg. Allowing unsigned modules allows loading arbitrary 
code into the kernel, and allowing arbitrary code into the kernel means 
that the kernel can be used to directly boot a modified copy of the 
Windows kernel. Avoiding that scenario is *explicitly* mandated by 
Microsoft. We can avoid it by either not using Microsoft as the root of 
trust or by requiring explicit key installation during the OS install 
process, but both of those make OS installation more difficult. If we 
want Linux to Just Work out of the box on Microsoft-certified hardware, 
this is one of the rules we have to live by.

-- 
Matthew Garrett | mj...@srcf.ucam.org