Linked by Elv13 on Sun 17th Jun 2012 10:35 UTC
Hardware, Embedded Systems "The UEFI secure boot mechanism has been the source of a great deal of concern in the free software community, and for good reason: it could easily be a mechanism by which we lose control over our own systems. Recently, Red Hat's Matthew Garrett described how the Fedora distribution planned to handle secure boot in the Fedora 18 release. That posting has inspired a great deal of concern and criticism, though, arguably, about the wrong things."
Thread beginning with comment 522669
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: uefi disable
by pgeorgi on Mon 18th Jun 2012 16:00 UTC in reply to "RE[2]: uefi disable"
pgeorgi
Member since:
2010-02-18

I failed to see how the proposed solution is somewhat unfitting. He asked for a simple jump or switch on motherboards, nothing more. I think it is the best and simplest solution I ever heard.

After some kicking and screaming, Microsoft was coerced to require a soft switch (somewhere in the firmware menu) to disable secureboot in order to gain the Windows 8 Logo. That's not the concern.

There are numerous others, eg.: Will that switch cease to exist sometimes, eg. with Windows 9 Logo? Why can you only ever sign files, incl. UEFI drivers with one signature, which grants an effective monopoly to Microsoft?

It will not lessen what Red Hat can do or claim for their systems and provides a fair level playing field for all others involved on linux/*BSD, or whatever camps.

Using such a switch (no matter if hardware or software) prevents the "boots securely" checkbox item on the RHEL sales material. Redhat _needs_ secureboot capability - not so much for Fedora, but for RHEL.
I guess that they do it for Fedora is just a way to get it tested before they run it by their paying customers.

Reply Parent Score: 2

RE[4]: uefi disable
by acobar on Mon 18th Jun 2012 23:43 in reply to "RE[3]: uefi disable"
acobar Member since:
2005-11-15

Using such a switch (no matter if hardware or software) prevents the "boots securely" checkbox item on the RHEL sales material.

If they NEED such thing, just REFUSE to boot on machines where this feature is available and was disabled. Nothing more, nothing less. It keep its toys and let the others play with theirs.

Edited 2012-06-18 23:44 UTC

Reply Parent Score: 2

RE[5]: uefi disable
by pgeorgi on Tue 19th Jun 2012 06:26 in reply to "RE[4]: uefi disable"
pgeorgi Member since:
2010-02-18

"Using such a switch (no matter if hardware or software) prevents the "boots securely" checkbox item on the RHEL sales material.

If they NEED such thing, just REFUSE to boot on machines where this feature is available and was disabled. Nothing more, nothing less. It keep its toys and let the others play with theirs.
"
At some point, customers (government, big business) will _require_ "secure" booting. Telling them to buy "insecure" systems (or disabling the secure boot feature) won't fly.

Reply Parent Score: 2