Date: Fri, 15 Jun 2012 16:59:06 -0700
From: Greg KH
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Message-ID: <20120615235906.GD9885@kroah.com>

On Fri, Jun 15, 2012 at 09:49:01AM +0200, Florian Philipp wrote:
> On 15.06.2012 09:26, Michał Górny wrote:
> > On Thu, 14 Jun 2012 21:56:04 -0700 Greg KH wrote:
> >> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> >>> On 15 June 2012 09:58, Greg KH wrote:
> >>>> So, anyone been thinking about this? I have, and it's not pretty.
> >>>>
> >>>> Should I worry about this and how it affects Gentoo, or not worry
> >>>> about Gentoo right now and just focus on the other issues?
> >>>
> >>> I think it at least makes sense to talk about it, and work out what
> >>> we can and cannot do.
> >>>
> >>> I guess we're in an especially bad position since everybody builds
> >>> their own bootloader. Is there /any/ viable solution that allows
> >>> people to continue doing this short of distributing a first-stage
> >>> bootloader blob?
> >>
> >> Distributing a first-stage bootloader blob, that is signed by
> >> Microsoft, or someone, seems to be the only way to easily handle this.
> >
> > Maybe we could get one such a blob for all distros/systems?
> >
>
> I guess nothing prevents you from re-distributing Fedora's blob.

Fedora's blob will not boot your unsigned-with-fedoras-key kernel, so
redistributing it will not help anyone :(

greg k-h