On 06/07/2012 03:32 PM, Alan Cox wrote:
The best way to a Geek's heart is to feed them. But then you have to
figure out how to make them go home. :)
You turn off the internet connection.
+1
--
°v°
/(_)\
^ ^ Jatin Khatri
RHCSA,RHCE,CCNA
Registerd Linux user No #501175
www.linuxcounter.n
> The best way to a Geek's heart is to feed them. But then you have to
> figure out how to make them go home. :)
You turn off the internet connection.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listi
On 06/02/2012 01:08 PM, Joe Zeff wrote:
On 06/02/2012 08:35 AM, Thibault Nélis wrote:
Anyway, this would only affect OEMs and Windows users who want to
install their copy of Windows on machines they assemble themselves (or
in any way non-approved by Microsoft). Do we really care about them?
I
On 06/02/2012 08:14 AM, Thibault Nélis wrote:
If the technical task of signing a kernel is too much for people who
don't care much about security, they can disable secure boot.
Anyone here have password-protect set for their bios? I don't, never
have. So, I have no beef whatsoever if I can hi
On 06/05/2012 04:22 PM, Sam Varshavchik wrote:
JD writes:
On 06/05/2012 03:47 AM, Sam Varshavchik wrote:
Don't worry about. Microsoft will make sure that the OEM knows
exactly how to implement the ability to install keys for other
operating systems.
I like this sense of humor :) :)
Y
On 06/06/12 09:22, Sam Varshavchik wrote:
JD writes:
On 06/05/2012 03:47 AM, Sam Varshavchik wrote:
Don't worry about. Microsoft will make sure that the OEM knows
exactly how to implement the ability to install keys for other
operating systems.
I like this sense of humor :) :)
You th
JD writes:
On 06/05/2012 03:47 AM, Sam Varshavchik wrote:
Don't worry about. Microsoft will make sure that the OEM knows exactly how
to implement the ability to install keys for other operating systems.
I like this sense of humor :) :)
You thought I was joking?
pgpRpYF2kJDV4.pgp
D
On 2012/06/05 13:48, Aaron Konstam wrote:
On Tue, 2012-06-05 at 13:26 -0600, Kevin Fenzi wrote:
4) an other page that explains some of this, I don't know if has
been
mentioned here is
http://mjg59.dreamwidth.org/12368.html
It has some explanations, but the topic is still difficult to
under
On Tue, 2012-06-05 at 13:26 -0600, Kevin Fenzi wrote:
>
> > 4) an other page that explains some of this, I don't know if has
> been
> > mentioned here is
> >
> > http://mjg59.dreamwidth.org/12368.html
> >
> > It has some explanations, but the topic is still difficult to
> > understand and I wou
On Tue, 5 Jun 2012 12:07:00 -0700 (PDT)
Antonio Olivares wrote:
> > Supposing your OEM isn't abusing his powers and respects
> > Microsoft's requirements if it's an x86 platform, you should
> > be able to add your own key in the firmware, which will be
> > used to verify the boot loader. If this
> Supposing your OEM isn't abusing his powers and respects
> Microsoft's requirements if it's an x86 platform, you should
> be able to add your own key in the firmware, which will be
> used to verify the boot loader. If this thing is well
> designed (I assume it is), you won't have to flip a singl
On 06/05/2012 03:47 AM, Sam Varshavchik wrote:
Don't worry about. Microsoft will make sure that the OEM knows exactly
how to implement the ability to install keys for other operating systems.
I like this sense of humor :) :)
--
users mailing list
users@lists.fedoraproject.org
To unsubscrib
On Tue, 05 Jun 2012 13:33:54 +0200
Thibault Nélis wrote:
> On 06/05/2012 01:29 PM, Alan Cox wrote:
> > On Tue, 05 Jun 2012 06:47:24 -0400
> > Sam Varshavchik wrote:
> >> Don't worry about. Microsoft will make sure that the OEM knows exactly how
> >> to implement the ability to install keys for o
Thibault Nélis writes:
In any case, I'd be happy to talk about all this in a year or two, when
we'll have more information than speculations.
(Don't worry I'm not offended or anything, I'm just saying we don't know
jack yet.)
Not really. We do know a lot, actually. There are plenty of his
On 06/05/2012 01:29 PM, Alan Cox wrote:
On Tue, 05 Jun 2012 06:47:24 -0400
Sam Varshavchik wrote:
Don't worry about. Microsoft will make sure that the OEM knows exactly how
to implement the ability to install keys for other operating systems.
They seem quite averse to that actually.
UEFI its
On 06/05/2012 12:46 PM, Sam Varshavchik wrote:
Thibault Nélis writes:
Supposing your OEM isn't abusing his powers and respects Microsoft's
requirements if it's an x86 platform, you should be able to add your
own key in the firmware, which will be used to verify the boot loader.
And I would al
On Tue, 05 Jun 2012 06:47:24 -0400
Sam Varshavchik wrote:
> Thibault Nélis writes:
>
> > The main problem is that the UEFI spec doesn't describe a standard UI to do
> >
> > this AFAIK, so every hardware vendor might implement it in a different way.
>
> Don't worry about. Microsoft will make
Alan Cox writes:
> It is logically impossible to have a so-called "secure-boot" for both a
free
> OS and a non-free OS on the same platform.
Actually it's perfectly possible with some careful planning.
If you are using TXT or similar services you measure the entire boot path
and that then de
Thibault Nélis writes:
The main problem is that the UEFI spec doesn't describe a standard UI to do
this AFAIK, so every hardware vendor might implement it in a different way.
Don't worry about. Microsoft will make sure that the OEM knows exactly how
to implement the ability to install keys
Thibault Nélis writes:
Supposing your OEM isn't abusing his powers and respects Microsoft's
requirements if it's an x86 platform, you should be able to add your own key
in the firmware, which will be used to verify the boot loader.
And I would also like a pony, too.
Sheep; slaughter; etc…
> It is logically impossible to have a so-called "secure-boot" for both a free
> OS and a non-free OS on the same platform.
Actually it's perfectly possible with some careful planning.
If you are using TXT or similar services you measure the entire boot path
and that then defines your access to
On 06/05/2012 08:02 AM, JD wrote:
So, will there be a document that will accompany the ISO,
advising the user what key to insert into the firmware so
that the firmware will be able to authenticate the boot loader?
I don't know if this has been discussed somewhere at Fedora, but I would
assume
On 06/04/2012 10:39 PM, Thibault Nélis wrote:
On 06/05/2012 05:20 AM, JD wrote:
Well, I was thinking of distros.
Since I will not be the creator of the Linux ISO
which I will be downloading and burning onto a DVD,
how can I create those keys and insert them into the
DVD without going through the
On 06/05/2012 05:20 AM, JD wrote:
Well, I was thinking of distros.
Since I will not be the creator of the Linux ISO
which I will be downloading and burning onto a DVD,
how can I create those keys and insert them into the
DVD without going through the whole rigmarole
of building the OS and the who
On 06/05/2012 04:47 AM, Kevin Fenzi wrote:
On Mon, 04 Jun 2012 18:06:24 -0700
JD wrote:
On 06/04/2012 05:03 PM, Sam Varshavchik wrote:
This has been explained in this thread before.
It is logically impossible to have a so-called "secure-boot" for
both a free OS and a non-free OS on the same
On 06/05/2012 05:10 AM, JD wrote:
I wonder if China will go along with the MS plans!
Much of our HW is made in China. What's to prevent
China from inserting back door code in the HW? I
mean that would totally make secure boot a laughable
thing.
Well this scheme where the manufacturer inserts a
On 06/04/2012 07:47 PM, Kevin Fenzi wrote:
No one has wanted to be this 'authority'. Perhaps someone will come
out appear now given all the press. However, you should hopefully be
able to just create and sign your own keys if you like, so no need to
have an authority for that unless you want Mi
On 06/04/2012 04:05 PM, JD wrote:
On 06/04/2012 03:35 PM, Alan Cox wrote:
Seems there are good reasons to remove any Microsoft keys after all..
http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/
"rogue"
Amazing! I smell Class Action Lawsuits in
On 06/04/2012 07:38 PM, jdow wrote:
On 2012/06/04 19:05, JD wrote:
On 06/04/2012 06:53 PM, Sam Varshavchik wrote:
Possibly, in the worst case, in a distant future it will be a little
bit
difficult to find consumer-grade hardware, like laptops, which have the
necessary bits – either a switch
On Mon, 04 Jun 2012 18:06:24 -0700
JD wrote:
> On 06/04/2012 05:03 PM, Sam Varshavchik wrote:
> >
> > This has been explained in this thread before.
> >
> > It is logically impossible to have a so-called "secure-boot" for
> > both a free OS and a non-free OS on the same platform. Since, by
> > d
On 2012/06/04 19:05, JD wrote:
On 06/04/2012 06:53 PM, Sam Varshavchik wrote:
Possibly, in the worst case, in a distant future it will be a little bit
difficult to find consumer-grade hardware, like laptops, which have the
necessary bits – either a switch to disable secure boot, or an easy way
On 06/04/2012 06:53 PM, Sam Varshavchik wrote:
Possibly, in the worst case, in a distant future it will be a little
bit difficult to find consumer-grade hardware, like laptops, which
have the necessary bits – either a switch to disable secure boot, or
an easy way to install the right keys – t
JD writes:
On 06/04/2012 05:03 PM, Sam Varshavchik wrote:
JD writes:
I lost you guy!
I mean I do not understand how the creation of a single linux distro
signature authority for all linuxes, undermines whatever MS does to secure
it's OS.
Are the two necessarily mutually exclusive (i.e. the
On 06/04/2012 05:03 PM, Sam Varshavchik wrote:
JD writes:
I lost you guy!
I mean I do not understand how the creation of a single linux distro
signature authority for all linuxes, undermines whatever MS does to
secure it's OS.
Are the two necessarily mutually exclusive (i.e. they cannot both b
JD writes:
I lost you guy!
I mean I do not understand how the creation of a single linux distro
signature authority for all linuxes, undermines whatever MS does to secure
it's OS.
Are the two necessarily mutually exclusive (i.e. they cannot both be used on
dual or milti-boot systems?
This h
On 06/04/2012 03:35 PM, Alan Cox wrote:
Seems there are good reasons to remove any Microsoft keys after all..
http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/
"rogue"
Amazing! I smell Class Action Lawsuits in this.
--
users mailing list
users@li
> Winderful Wibble Motherboard with locked down UEFI: R2D2 $127.95
> Wunderful Wibble Motherboard with unlockable UEFI: R2D2-U $127.95
> Wunderful Wibble Motherboard with UEFI: R2D2-N $99.95
>
> With a simple BIOS transplant the board can move between configurations.
> The BIO
Seems there are good reasons to remove any Microsoft keys after all..
http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/
"rogue"
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedorap
On 2012/06/04 14:55, Kevin Fenzi wrote:
On Mon, 04 Jun 2012 14:48:44 -0700
JD wrote:
On 06/04/2012 01:44 PM, Aaron Konstam wrote:
This may have been covered but if you are among the majority (I
would guess) that do not have UEFI machines the question is kind of
moot is it not? I am assuming t
On Mon, 04 Jun 2012 14:48:44 -0700
JD wrote:
> On 06/04/2012 01:44 PM, Aaron Konstam wrote:
> > This may have been covered but if you are among the majority (I
> > would guess) that do not have UEFI machines the question is kind of
> > moot is it not? I am assuming that Fedora 18 will run on thes
On 06/04/2012 02:38 PM, Heinz Diehl wrote:
On 04.06.2012, JD wrote:
It's all about control control control - which translates into
money money money which buys power and influence.
Hell, it always has been..
Of course - once one foot is in the door, soon the
other (and others) will follow.
T
On 06/04/2012 01:44 PM, Aaron Konstam wrote:
This may have been covered but if you are among the majority (I would
guess) that do not have UEFI machines the question is kind of moot is
it not? I am assuming that Fedora 18 will run on these machines
without the UEFI boot firmware. Am I correct?
On 04.06.2012, JD wrote:
> It's all about control control control - which translates into
> money money money which buys power and influence.
Hell, it always has been..
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraprojec
On Sun, 2012-06-03 at 14:58 -0700, JD wrote:
> On 06/03/2012 12:20 PM, Joe Zeff wrote:
> > On 06/03/2012 12:03 PM, x414e54 wrote:
> >> Even my friends, I tell them about linux, and they are very skillful
> >> with computers but have no intention to use anything that is not
> >> pre-installed on th
Quoting JD :
On 06/04/2012 03:27 AM, Zoltan Hoppar wrote:
Hi,
I think is the same as the trusted computing bullshit, pretense to
gain money and keep away non-ms stuff.
Question why now? Why they want that so badly?
Z
My feeling is that the current economic gloom and doom is a fertile
ground
On 06/04/2012 03:27 AM, Zoltan Hoppar wrote:
Hi,
I think is the same as the trusted computing bullshit, pretense to
gain money and keep away non-ms stuff.
Question why now? Why they want that so badly?
Z
My feeling is that the current economic gloom and doom is a fertile
ground in which megal
Microsoft To Get Past UEFI Restrictions
On 06/04/2012 01:47 AM, Thibault Nélis wrote:
.
In my opinion, a better question would be "When will alternative
organizations to Microsoft will appear to offer the same services?",
and with that one I'd actually worry they might never come,
> That's just it - 95% of computer users use windows.
Depends on your definition of a) "use" and b) "computer"
You might want to compare the size of the Android market and the Windows
market (and the Android market itself has lots of lock down problems)
Alan
--
users mailing list
users@lists.fe
On 06/04/2012 12:22 PM, j.witvl...@mindef.nl wrote:
-Original Message-
From: users-boun...@lists.fedoraproject.org
[mailto:users-boun...@lists.fedoraproject.org] On Behalf Of JD
So, if all the linux distros put their "heads" together and create a single
Linux signature authority, which w
j.witvl...@mindef.nl writes:
Just hope that "official" versions of W8, do not require such uefi-structure
beneath them, otherwise you have a problem with vmware/kvm/xen.
Gee, you think?
pgpuFEuvTwd9w.pgp
Description: PGP signature
--
users mailing list
users@lists.fedoraproject.org
To un
Thibault Nélis writes:
On 06/02/2012 10:19 PM, Sam Varshavchik wrote:
But I thought that this was the plan of action, isn't it? Sign a shim
that boots Fedora. Presto, secured boot, with Microsoft's blessing.
So, did you just change your mind, and realize that:
1) It makes no sense, and
2) Mi
oject.org] On Behalf Of JD
> Sent: Monday, June 04, 2012 11:40 AM
> To: Community support for Fedora users
> Subject: Re: Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
>
> On 06/04/2012 01:47 AM, Thibault Nélis wrote:
>> .
>>
>> In my opinion, a bette
-Original Message-
From: users-boun...@lists.fedoraproject.org
[mailto:users-boun...@lists.fedoraproject.org] On Behalf Of JD
Sent: Monday, June 04, 2012 11:40 AM
To: Community support for Fedora users
Subject: Re: Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
On 06/04/2012 01
On 06/04/2012 01:47 AM, Thibault Nélis wrote:
.
In my opinion, a better question would be "When will alternative
organizations to Microsoft will appear to offer the same services?",
and with that one I'd actually worry they might never come, even
though we need them.
So, if all the linux d
On 06/02/2012 07:24 PM, JD wrote:
On 06/02/2012 10:08 AM, Joe Zeff wrote:
I sure do! The only PC's I've ever owned that were pre-built were
laptops. I'm not a hardware geek, but one of my friends is, and when
it's time to upgrade, we get together, buy parts and he puts them
together. I pay him w
On 06/02/2012 10:19 PM, Sam Varshavchik wrote:
But I thought that this was the plan of action, isn't it? Sign a shim
that boots Fedora. Presto, secured boot, with Microsoft's blessing.
So, did you just change your mind, and realize that:
1) It makes no sense, and
2) Microsoft is not going to s
On 06/03/2012 11:00 PM, Tim wrote:
Tim:
I'm curious about other differences that might occur while you're
running the system in the non-secured mode. Are we going to find that
bank sites can detect your running mode, and refuse access, for
instance?
Edward M:
if the menu can be reached to dis
On Sun, 2012-06-03 at 20:03 +0100, x414e54 wrote:
> Stop wasting time in the replacing the Windows market
I tend to agree. It's quite rare that something different can actually
be a replacement, only an alternative. Sometimes an alternative is
better, sometimes not. There are usually drawbacks
Tim:
>> I'm curious about other differences that might occur while you're
>> running the system in the non-secured mode. Are we going to find that
>> bank sites can detect your running mode, and refuse access, for
>> instance?
Edward M:
> if the menu can be reached to disabled secure boot. Appare
On 06/03/2012 12:20 PM, Joe Zeff wrote:
On 06/03/2012 12:03 PM, x414e54 wrote:
Even my friends, I tell them about linux, and they are very skillful
with computers but have no intention to use anything that is not
pre-installed on their system.
Yes. I tell friends that it's free and they're in
On 06/03/2012 12:03 PM, x414e54 wrote:
Even my friends, I tell them about linux, and they are very skillful
with computers but have no intention to use anything that is not
pre-installed on their system.
Yes. I tell friends that it's free and they're interested, but afraid
to try it because t
HI
Is there a possibility to build with open hw an complete desktop
system, that using coreboot?
If the community can provide an fairly strong platform that can be
cheaply produced as SOC, and SBC - no one can stand against us...
Zoltan
2012/6/3 x414e54 :
> I think people are forgetting that AR
I think people are forgetting that ARM is an important platform also. It
will become more important as time goes on. If there is a big push to
tablet or netbook computers towards ARM, then this is a huge problem.
ARM will not allow the ability to disable or re-provision keys like the x86
counterpar
On 06/02/2012 04:43 PM, Alan Cox wrote:
The firmware already has this.
Yes, now my mental cobwebs are getting cleaned out. I do recall reading
about this, a while ago.
Much of it is there for network booting (PXE etc) and in fact a fair bit
of it is there in the modern old style BIOS too.
On 06/02/2012 11:00 PM, Tim wrote:
I'm curious about other differences that might occur while you're
running the system in the non-secured mode. Are we going to find that
bank sites can detect your running mode, and refuse access, for
instance?
if the menu can be reached to disabled secure
On Sat, 2012-06-02 at 15:20 -0600, Kevin Fenzi wrote:
> "Mandatory. On non-ARM systems, the platform MUST implement the
> ability for a physically present user to select between two Secure
> Boot modes in firmware setup: "Custom" and "Standard".
I'm curious about other differences that might occur
> means of the Microsoft certificate, how much money would it take to make
> Microsoft geek to including a backdoor for the NSA?
I would assume they have one. One of the problems with this is presumably
they need to sign tools for every law enforcement agency with reasonable
claim - be that Israel
On 06/02/2012 04:01 PM, jdow wrote:
.
.
.
snip
If you can declare the OS is secure by
means of the Microsoft certificate, how much money would it take to make
Microsoft geek to including a backdoor for the NSA?
{o.o} Just sayin'
But that would be no different than how things are now!!
--
use
On 2012/06/02 13:27, Joe Zeff wrote:
On 06/02/2012 01:22 PM, Sam Varshavchik wrote:
Should be interesting to see how the great unwashed will accept waiting
2-3 minutes for their PC to boot, while their firmware is trying to grab
CRLs over the network.
Even more interesting will be seeing how
On 06/02/2012 02:29 PM, Alan Cox wrote:
It's not that simple. If you remove the Microsoft key and that is the key
for your video card then you can add your own keys but when you boot in
secure mode you won't have a display omn your plug in video card because
the video firmware won't have been sig
> > Remove the MS key and the firmware won't be signed. I doubt you can
> > re-sign any flash firmware. That's probably only a problem for the
> > paranoid because any government approved spyware from the FBI etc is
> > presumably going to use the Microsoft key by default.
>
> See above.
It's no
On Sat, 2 Jun 2012 20:49:29 +0100
Alan Cox wrote:
> > 3. Create your own keys and sign your own shim/grub2/kernel and
> > remove MS'es keys.
>
> And how are you going to add your own keys to the firmware ? There is
> no requirement for EFI to support this in anything I've seen so far.
> Hopeful
> > The firmware already has this.
>
> Yes, now my mental cobwebs are getting cleaned out. I do recall reading
> about this, a while ago.
Much of it is there for network booting (PXE etc) and in fact a fair bit
of it is there in the modern old style BIOS too.
>
> > > Before it boots the OS.
>
On 06/02/2012 01:22 PM, Sam Varshavchik wrote:
Should be interesting to see how the great unwashed will accept waiting
2-3 minutes for their PC to boot, while their firmware is trying to grab
CRLs over the network.
Even more interesting will be seeing how they react to the idea that
their lap
Alan Cox writes:
> Yes, but for that, the firmware will either need support from the OS it
> secure-boots, to go out on the network, check for revocations, and upload
> them into firmware; or the firmware itself must implement a bare-bones
> network stack, initialize the onboard NIC, obtain a DH
Thibault Nélis writes:
On 06/02/2012 04:34 AM, Sam Varshavchik wrote:
Well the math doesn't compute here, it's cryptographically impossible.
I mean you could sign a shim that won't verify the integrity of the boot
There you go.
Look I can't really go on on that. You seem to imply that this
> 3. Create your own keys and sign your own shim/grub2/kernel and remove
> MS'es keys.
And how are you going to add your own keys to the firmware ? There is no
requirement for EFI to support this in anything I've seen so far.
Hopefully everyone will.
Also btw I wouldn't bet on removing the Micro
On 06/02/2012 10:08 AM, Joe Zeff wrote:
On 06/02/2012 08:35 AM, Thibault Nélis wrote:
Anyway, this would only affect OEMs and Windows users who want to
install their copy of Windows on machines they assemble themselves (or
in any way non-approved by Microsoft). Do we really care about them?
On 06/02/2012 08:35 AM, Thibault Nélis wrote:
Anyway, this would only affect OEMs and Windows users who want to
install their copy of Windows on machines they assemble themselves (or
in any way non-approved by Microsoft). Do we really care about them?
I sure do! The only PC's I've ever owned
On Sat, 2 Jun 2012 16:30:11 +0100
Alan Cox wrote:
> > How do you mean "openly"? It can't get much more open that a
> > mandatory interface that let's you do it simply. What UEFI could
> > do to make things better is standardize the UI, but that's it.
>
> As I already said UEFI cannot do that.
> Yes, but for that, the firmware will either need support from the OS it
> secure-boots, to go out on the network, check for revocations, and upload
> them into firmware; or the firmware itself must implement a bare-bones
> network stack, initialize the onboard NIC, obtain a DHCP address, or
On 06/02/2012 04:34 AM, Sam Varshavchik wrote:
Well the math doesn't compute here, it's cryptographically impossible.
I mean you could sign a shim that won't verify the integrity of the boot
There you go.
Look I can't really go on on that. You seem to imply that this is a bad
thing. I simp
Once upon a time, Alan Cox said:
> > > Imagine the gall – wanting to be able to boot a custom kernel.
> >
> > Easy, sign it yourself. We went over it a hundred times now. If you
> > can build a kernel you can sign a million of them.
>
> With what. You can't create a suitable key.
You can cre
> How do you mean "openly"? It can't get much more open that a mandatory
> interface that let's you do it simply. What UEFI could do to make
> things better is standardize the UI, but that's it.
As I already said UEFI cannot do that. UEFI is deliberately engineered
not to have the ability to s
On 06/02/2012 04:28 AM, Sam Varshavchik wrote:
Yes, all five of them.
Point taken.
[0] Yes, I found it, it was there all along, I guess I didn't look
hard enough (or didn't listen properly):
http://download.microsoft.com/download/A/D/F/ADF5BEDE-C0FB-4CC0-A3E1-B38093F50BA1/windows8-hardware-ce
On 06/01/2012 08:09 PM, Tim wrote:
On Thu, 2012-05-31 at 20:56 -0700, JD wrote:
FWIW, perhaps - just perhaps - this is an attempt by MS and redhat
(and perhaps others like Oracle), to try an convince government
customers that a system with a signed bootloader and kernel and
modules, provides for
On Thu, 2012-05-31 at 20:56 -0700, JD wrote:
> FWIW, perhaps - just perhaps - this is an attempt by MS and redhat
> (and perhaps others like Oracle), to try an convince government
> customers that a system with a signed bootloader and kernel and
> modules, provides for such greater security, that t
Thibault Nélis writes:
Why Microsoft would help here is certainly a bit of a mystery at first, but
as I mentioned already, they certainly fear a PR and legal nightmare,
I do not believe they fear anything like this, at all.
Tell you what.
Let's revisit this, when there's a key that will bo
Joe Zeff writes:
On 06/01/2012 03:20 PM, Sam Varshavchik wrote:
No such option will exist for hardware-enforced OS lockdowns.
Cue the anti-trust suit from the DOJ in 5, 4, 3...
Stop me when you've reached negative one-million.
There was only reason Microsoft was sued originally, back when.
Thibault Nélis writes:
On 06/02/2012 12:47 AM, Sam Varshavchik wrote:
Who exactly is outraged right now? A bunch of geeks on a mailing list?
So what? Who cares?
Again, people have won cases to get their money back over the license of
preinstalled Windows copies because they use alternative
On 06/01/2012 05:30 PM, Sam Varshavchik wrote:
JD writes:
On 06/01/2012 04:18 AM, Sam Varshavchik wrote:
I don't give a frak about that. I just want to run my own stuff,
without anyone else sticking their nose in my personal business. Is
that too much to ask?
This discussion reminds me o
On 06/02/2012 01:26 AM, Sam Varshavchik wrote:
[snip]
I repeat: this is NOT going to happen. If you allow an open operating
system to boot, as a trusted boot, then "trusted boot" ceases all
meaning whatsoever for a non-free OS that requires a signed chain from
the hardware. And I won't even start
JD writes:
On 06/01/2012 04:18 AM, Sam Varshavchik wrote:
I don't give a frak about that. I just want to run my own stuff, without
anyone else sticking their nose in my personal business. Is that too much to
ask?
This discussion reminds me of the great Philospher Hegel.
The means used b
On 06/02/2012 12:47 AM, Sam Varshavchik wrote:
Who exactly is outraged right now? A bunch of geeks on a mailing list?
So what? Who cares?
Again, people have won cases to get their money back over the license of
preinstalled Windows copies because they use alternative OSes. Secure
boot is way
On 06/01/2012 03:20 PM, Sam Varshavchik wrote:
No such option will exist for hardware-enforced OS lockdowns.
Cue the anti-trust suit from the DOJ in 5, 4, 3...
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mail
Thibault Nélis writes:
On 06/01/2012 02:33 PM, Sam Varshavchik wrote:
If the shim enables anyone to execute any code they wish, "on bare
metal", it makes the entire concept of trusted boot completely and
totally moot.
Not anyone, just Fedora. If Fedora starts to fuck up and many Windows use
On 06/02/2012 12:20 AM, Sam Varshavchik wrote:
They won't have a choice. Microsoft will require that all hardware an
OEM makes must be signed by their key, or none at all. Hardware OEMs
will have to choose whether their entire product line will only support
a Microsoft OS, or all other OSes. No c
Thibault Nélis writes:
On 06/01/2012 02:40 PM, Sam Varshavchik wrote:
they can't possibly review all the software that could follow the boot
loader down the chain,
They won't have to. Once they have a signing key that boots their
current Windows OS, they have no further need for a certificati
Alan Cox writes:
Its a feature of the hardware design. It was designed into the UEFI
secure boot set up from the start for the same reasons a web browser
needs to be able to revoke keys.
Yes, but for that, the firmware will either need support from the OS it
secure-boots, to go out on the ne
Am 01.06.2012 13:17, schrieb Alan Cox:
AFAIK, Microsoft is already doing something like that with Windows drivers.
They must be signed by Microsoft, in order to avoid a warning thrown in your
face upon installation. I think that current Windows OS will just refuse to
install an unsigned driver, f
1 - 100 of 158 matches
Mail list logo
