From: Michał Górny
To: gentoo-dev@lists.gentoo.org
Cc: lists@binarywings.net
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 17:51:04 +0200
Message-ID: <20120617175104.055e62e8@pomiocik.lan>
In-Reply-To: <4FDDA166.8010404@binarywings.net>
Organization: Gentoo

On Sun, 17 Jun 2012 11:20:38 +0200
Florian Philipp
wrote:

> On 16.06.2012 at 19:51, Michał Górny wrote:
> > On Fri, 15 Jun 2012 09:54:12 +0200
> > Florian Philipp wrote:
> >
> >> On 15.06.2012 at 06:50, Duncan wrote:
> >>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
> >>>
> >>>> So, anyone been thinking about this? I have, and it's not
> >>>> pretty.
> >>>>
> >>>> Should I worry about this and how it affects Gentoo, or not worry
> >>>> about Gentoo right now and just focus on the other issues?
> >>>>
> >>>> Minor details like, "do we have a 'company' that can pay
> >>>> Microsoft to sign our bootloader?" is one aspect from the
> >>>> non-technical side that I've been wondering about.
> >>>
> >>> I've been following developments and wondering a bit about this
> >>> myself.
> >>>
> >>> I had concluded that at least for x86/amd64, where MS is mandating
> >>> a user controlled disable-signed-checking option, gentoo shouldn't
> >>> have a problem. Other than updating the handbook to accommodate
> >>> UEFI, presumably along with the grub2 stabilization, I believe
> >>> we're fine as if a user can't figure out how to disable that
> >>> option on their (x86/amd64) platform, they're hardly likely to be
> >>> a good match for gentoo in any case.
> >>>
> >>
> >> As a user, I'd still like to have the chance of using Secure Boot
> >> with Gentoo since it _really_ increases security. Even if it means
> >> I can no longer build my own kernel.
> >
> > It doesn't. It's just a very long wooden fence; you just didn't find
> > the hole yet.
> >
>
> Oh come on! That's FUD and you know it. If not, did you even look at
> the specs and working principle?

Could you answer the following questions:

1. How does it increase security?

2. What happens if, say, your bootloader is compromised?

3. What happens if the machine signing the blobs is compromised?

-- 
Best regards,
Michał Górny