Linked by Thom Holwerda on Thu 31st May 2012 11:11 UTC
Fedora Core "Fedora 18 will be released at around the same time as Windows 8, and as previously discussed all Windows 8 hardware will be shipping with secure boot enabled by default. [...] We've been working on a plan for dealing with this. It's not ideal, but of all the approaches we've examined we feel that this one offers the best balance between letting users install Fedora while still permitting user freedom." Wait for it... "Our first stage bootloader will be signed with a Microsoft key."
Permalink for comment 520272
To read all comments associated with this story, please click here.
Alfman
Member since:
2011-01-28

bhtooefr,

"I'd say that there needs to be a jumper inside the case for allowing addition of authorized secure boot certificates. Pain in the ass, but it keeps the idiots that will answer 'yes' to everything out, while letting the people that know what they're doing in."

I'd find it to be one of many acceptable solutions. A physical jumper could reset the mainboard to it's original "setup mode" (as defined in the UEFI specification). This way the system returns to a clean state as before it was loaded with microsoft's key. In this mode the system would be ready to accept the user's own keys.

See the following sections for how UEFI "setup mode" works:
27.5 Firmware/OS Key Exchange: creating trust relationships
27.5.2 Clearing The Platform Key (Edit: the spec offers no mechanisms for owners to clear a 3rd party key)


There is no shortage of solutions that are superior to microsoft's, but unfortunately microsoft is in a position to dictate hardware standards and independent developers are not.

Edited 2012-06-01 02:06 UTC

Reply Parent Score: 2