Linked by Thom Holwerda on Thu 31st May 2012 11:11 UTC
Fedora Core "Fedora 18 will be released at around the same time as Windows 8, and as previously discussed all Windows 8 hardware will be shipping with secure boot enabled by default. [...] We've been working on a plan for dealing with this. It's not ideal, but of all the approaches we've examined we feel that this one offers the best balance between letting users install Fedora while still permitting user freedom." Wait for it... "Our first stage bootloader will be signed with a Microsoft key."
Thread beginning with comment 520482
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Comment by Radio
by Bill Shooter of Bul on Sat 2nd Jun 2012 19:16 UTC in reply to "Comment by Radio"
Bill Shooter of Bul
Member since:
2006-07-14

You suck at reading. The $99 isn't going to microsoft, its going to verisign. Not that verisign is a great company or anything, but please read before reacting.

Reply Parent Score: 2

RE[2]: Comment by Radio
by Alfman on Sat 2nd Jun 2012 20:35 in reply to "RE: Comment by Radio"
Alfman Member since:
2011-01-28

Bill Shooter of Bul,

"You suck at reading. The $99 isn't going to microsoft, its going to verisign. Not that verisign is a great company or anything, but please read before reacting."


I noticed the article was recently edited to say this, but the original article did not, so don't be too hard on the poster.


It's no secret that I oppose secure boot because it does more to promote corporate control than our security. However I do have some questions about the program:
Just who will be allowed to get a key, what are the qualifications?
Who is responsible for approving applicants?
Are any developers or end users going to be denied?
If noone is there to vet the software, then doesn't that undermine the entire "security model" behind secure boot?
Do we really know where the money goes? MS may be outsourcing this program to Verisign because they specialise in selling code certificates already, I kind of doubt the deal between MS and Verisign lets Verisign keep all the profits?

Reply Parent Score: 2

RE[3]: Comment by Radio
by mjg59 on Sun 3rd Jun 2012 00:27 in reply to "RE[2]: Comment by Radio"
mjg59 Member since:
2005-10-17

Just who will be allowed to get a key, what are the qualifications?

Anyone who's a member of the Microsoft Winqual program.

Who is responsible for approving applicants?

Verisign.

Are any developers or end users going to be denied?

As long as their identity can be validated, no.

If noone is there to vet the software, then doesn't that undermine the entire "security model" behind secure boot?

No, because keys can be revoked.

Do we really know where the money goes? MS may be outsourcing this program to Verisign because they specialise in selling code certificates already, I kind of doubt the deal between MS and Verisign lets Verisign keep all the profits?

All the profits from a $99 identity validation? I'm sure that's significant. In reality, Microsoft subsidise the program heavily.

Reply Parent Score: 1