public inbox for gentoo-dev@lists.gentoo.org
From: Greg KH <gregkh@gentoo.org>
To: Richard Yao <ryao@gentoo.org>
Cc: gentoo-dev@lists.gentoo.org, Greg KH <gregkh@gentoo.org>,
	gentoo-genkernel@lists.gentoo.org,
	Sabayon public development mailing list <devel@lists.sabayon.org>,
	funtoo-dev@googlegroups.com
Subject: Re: [gentoo-dev] Killing UEFI Secure Boot
Date: Wed, 20 Jun 2012 13:20:45 -0700
Message-ID: <20120620202045.GA9119@kroah.com>
In-Reply-To: <4FE22EFA.7040304@gentoo.org>

On Wed, Jun 20, 2012 at 04:13:46PM -0400, Richard Yao wrote:
> On 06/20/2012 04:08 PM, Greg KH wrote:
> > On Tue, Jun 19, 2012 at 06:11:46PM -0400, Richard Yao wrote:
> >> I know that there is a great deal of discussion on the effect that
> >> UEFI Secure Boot will have on us. As far as I know, Secure Boot is
> >> implemented in the UEFI firmware and if we replace the firmware,
> >> Secure Boot issues disappear.
> >
> > Stop right there.  That's just not going to happen, sorry.  You aren't
> > going to be able to get a user to replace their BIOS, nor should you
> > ever want to.  You are not going to be able to keep up with the
> > hundreds, if not thousands, of different motherboards being introduced
> > every month, in order to just get rid of the secure boot option.
> 
> OpenWRT does that with routers and Cyanogenmod does that with phones.

No, neither of them replaces the BIOS in their machines with an
open source version.  There is no BIOS in those platforms, it's just
uboot or fastboot; the PC-like ecosystem is so vastly different it's
laughable.

> It seems reasonable for us to offer it as an option to users. With that
> said, this probably won't happen. One of the Core Boot developers
> informed me of what is involved in setting up the address space and it
> is infeasible for us to do.

And I agree with that developer.

Don't get "replace all of userspace and the kernel" confused with
"replace the UEFI BIOS".  You do realize that the UEFI BIOS is at least
double the size of the Linux kernel, with custom device drivers and tons
of other stuff in there?  Good luck replacing that...

> > And I want secure boot on my machines, with a key I trust, don't you?
> > If not, why not?  I know lots of others that also want this, why deny
> > them the ability to run Gentoo on their hardware?
> 
> To be clear, I was not talking about taking away options from users. I
> was talking about giving them options.

You are taking secure boot out of their systems, that sounds like taking
away an option to me :)

Anyway, it's all a moot point, as has been explained already, sorry.

greg k-h


