From: Michał Górny
Date: Fri, 15 Jun 2012 09:26:07 +0200
To: gentoo-dev@lists.gentoo.org
Cc: gregkh@gentoo.org
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Message-ID: <20120615092607.68e5ddf0@pomiocik.lan>
In-Reply-To: <20120615045604.GA25651@kroah.com>

On Thu, 14 Jun 2012 21:56:04 -0700
Greg KH wrote:

> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> > On 15 June 2012 09:58, Greg KH wrote:
> > > So, anyone been thinking about this? I have, and it's not pretty.
> > >
> > > Should I worry about this and how it affects Gentoo, or not worry
> > > about Gentoo right now and just focus on the other issues?
> >
> > I think it at least makes sense to talk about it, and work out what
> > we can and cannot do.
> >
> > I guess we're in an especially bad position since everybody builds
> > their own bootloader. Is there /any/ viable solution that allows
> > people to continue doing this short of distributing a first-stage
> > bootloader blob?
>
> Distributing a first-stage bootloader blob, that is signed by
> Microsoft, or someone, seems to be the only way to easily handle this.

Maybe we could get one such blob for all distros/systems? Also, does
this signature system have any restrictions on what is signed and what
is not? In other words, will they actually sign a blob saying
'work-around signatures' on the top?

-- 
Best regards,
Michał Górny