On Sat, 2 Jun 2012 16:30:11 +0100 Alan Cox <a...@lxorguk.ukuu.org.uk> wrote:
> > How do you mean "openly"? It can't get much more open that a > > mandatory interface that let's you do it simply. What UEFI could > > do to make things better is standardize the UI, but that's it. > > As I already said UEFI cannot do that. UEFI is deliberately engineered > not to have the ability to standardise UI. > > > > Imagine the gall – wanting to be able to boot a custom kernel. > > > > Easy, sign it yourself. We went over it a hundred times now. If > > you can build a kernel you can sign a million of them. > > With what. You can't create a suitable key. Sure you can. Part of the work Peter and Matthew have been working on is to add tools and ability to create your OWN keys and use them. https://github.com/vathpela/pesign So, your choices are: 1. Use secureboot enabled and use the Fedora signed shim/grub2/kernel. 2. Disable secureboot and use the normal Fedora stuff, or make your own. 3. Create your own keys and sign your own shim/grub2/kernel and remove MS'es keys. Documentation and tooling for 3 should be provided by Fedora folks. kevin
signature.asc
Description: PGP signature
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
