Linked by Thom Holwerda on Thu 31st May 2012 11:11 UTC
Fedora Core "Fedora 18 will be released at around the same time as Windows 8, and as previously discussed all Windows 8 hardware will be shipping with secure boot enabled by default. [...] We've been working on a plan for dealing with this. It's not ideal, but of all the approaches we've examined we feel that this one offers the best balance between letting users install Fedora while still permitting user freedom." Wait for it... "Our first stage bootloader will be signed with a Microsoft key."
Thread beginning with comment 520140
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: I for one find it disturbing
by vaette on Thu 31st May 2012 15:06 UTC in reply to "I for one find it disturbing"
vaette
Member since:
2008-08-09

It is a one-time fee of $99, paid for by RedHat to get the Fedora key. I don't think you need to twist and turn too much at night over that "tax".

Reply Parent Score: 2

orestes Member since:
2005-07-06

It's also a $99 fee paid by anyone who wants to disseminate their modified binaries without shenanigans being required on the end user's side of things.

I don't personally take issue with the nominal fee, but I do feel there should be a choice of trusted key signers available instead of giving MS another defacto monopoly. Get Verisign or IBM or someone else sufficiently big and "trustworthy" involved as a neutral party.

Reply Parent Score: 4

Alfman Member since:
2011-01-28

orestes,

"I don't personally take issue with the nominal fee, but I do feel there should be a choice of trusted key signers available instead of giving MS another defacto monopoly. Get Verisign or IBM or someone else sufficiently big and 'trustworthy' involved as a neutral party."


I think the owner should be the defacto root of trust.

Reply Parent Score: 2

einr Member since:
2012-02-15

Unless you want to build your own custom kernel on an UEFI system. Then, you'd better have your $99 handy.

Reply Parent Score: 2

vaette Member since:
2008-08-09

Doubt you would be able to even with $99 (suspect the program is such that you need to be able to verify your identity and aimed at companies), but for developers turning off secure boot is not a complex task. I do agree that we should all push hardware manufacturers to include the options both to change keys and turn of secure boot, I just find both Microsofts and Fedoras motivations in this case to be pragmatic and good.

Edited 2012-05-31 18:17 UTC

Reply Parent Score: 2

orestes Member since:
2005-07-06

Nope. That's what the custom mode is for, the user can assert their own keys in the system for signing. The headache comes in when you want to distribute those custom kernels to others as binaries

Reply Parent Score: 3