Linked by Thom Holwerda on Fri 22nd Jun 2012 23:17 UTC
Ubuntu, Kubuntu, Xubuntu After Fedora, Ubuntu has now also announced how it's going to handle the nonsense called "Secure" Boot. The gist: they'll use the same key as Fedora, but they claim they can't use GRUB2. "In the event that a manufacturer makes a mistake and delivers a locked-down system with a GRUB 2 image signed by the Ubuntu key, we have not been able to find legal guidance that we wouldn't then be required by the terms of the GPLv3 to disclose our private key in order that users can install a modified boot loader. At that point our certificates would of course be revoked and everyone would end up worse off." So, they're going to use the more liberally licensed efilinux loader from Intel. Only the bootloader will be signed; the kernel will not.
Permalink for comment 523428
To read all comments associated with this story, please click here.
RE[5]: Comment by Lazarus
by Alfman on Sat 23rd Jun 2012 03:54 UTC in reply to "RE[4]: Comment by Lazarus"
Alfman
Member since:
2011-01-28

mjg59,

"We'll be providing tools for users to install their own keys if they want to build their own kernels or use third party modules - it's vitally important to us that users be in control of their system, and we won't support any scenario where they're not."

Correct me if I'm wrong, but your stock kernel, which is to be validated under microsoft's chainloader, will reject 3rd party/end-user modules signed with user keys not approved by microsoft, right?

The only way for users to load/run their own modules would be for them to get their own keys approved by microsoft. If this user distributes code as "open source" to another user, they then face the same problem all over again. Each user who obtains the source code will loose the ability to compile & run it without permission from microsoft.

Your claiming that it's vitally important for users to be in control of their system, yet in my opinion this scenario doesn't permit that. It gives microsoft control. Can you help me understand your point of view better?


Edit:
I'm aware that you mention disabling secure boot or changing the keys in this link.
http://mjg59.dreamwidth.org/12368.html

But I'm talking about being able to use Fedora with secure boot enabled on a typical consumer system where the keys cannot be changed.

Edited 2012-06-23 04:05 UTC

Reply Parent Score: 4