Alan Cox writes:
> certification key. That's the hood, welded shut, that's absolutely mandatory> for a secured bootloader to have any logical purpose, whatsoever.Correct - and you need to lock it down way more than that. Also I can't see Red Hat directly signing third party binary blobs. If it does that it implicitly believes they are lawful and also acquires some liability for them in they malfuction.
AFAIK, Microsoft is already doing something like that with Windows drivers. They must be signed by Microsoft, in order to avoid a warning thrown in your face upon installation. I think that current Windows OS will just refuse to install an unsigned driver, for any hardware.
pgpYvQbKDr7TI.pgp
Description: PGP signature
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
