Message-ID: <4FDACCBB.1060206@gentoo.org>
Date: Fri, 15 Jun 2012 08:48:43 +0300
From: Eray Aslan
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
References: <20120615042810.GA9480@kroah.com>
 <20120615045604.GA25651@kroah.com>
In-Reply-To: <20120615045604.GA25651@kroah.com>

On 2012-06-15 7:56 AM, Greg KH wrote:
> Distributing a first-stage bootloader blob, that is signed by Microsoft,
> or someone, seems to be the only way to easily handle this.

Fedora agrees:
http://mjg59.dreamwidth.org/12368.html

Other distros haven't decided yet afaik although there have been some
discussions.

> Also, some people might really want to sign their own bootloader and
> kernel, and kernel modules (myself included)

Yes, that is the goal we should try to achieve, i.e. to give the option
to our users to sign all the way to userland.

> Oh, and on the first-stage bootloader front, I already know of 2 simple,
> and open source, examples that will work for Linux, so getting something
> like that signed might not be very tough. It's the "where does the
> chain-of-trust stop" question that gets tricky...

Exactly. Do you have any concrete proposals?

-- 
Eray Aslan