From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1SfRNL-0008Fk-KQ for garchives@archives.gentoo.org; Fri, 15 Jun 2012 07:55:23 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E3702E079D; Fri, 15 Jun 2012 07:55:09 +0000 (UTC) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) by pigeon.gentoo.org (Postfix) with ESMTP id 74FB9E0796 for ; Fri, 15 Jun 2012 07:54:16 +0000 (UTC) Received: from compute6.internal (compute6.nyi.mail.srv.osa [10.202.2.46]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 32B4821310 for ; Fri, 15 Jun 2012 03:54:16 -0400 (EDT) Received: from frontend2.nyi.mail.srv.osa ([10.202.2.161]) by compute6.internal (MEProxy); Fri, 15 Jun 2012 03:54:16 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=binarywings.net; h=message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type; s=mesmtp; bh=VIwk41EUfO9tlep3qaezZFCK CDo=; b=N4g/Mh82pLa3eBdIzzJ4Y+Sh6+f4hl8+68oQMieLb/IQDR63kgne6M4D n22zKXeMnyEId4DxYKDNWFrpG31yzia/0P/rcUELg/oYvfd8jgvUP1ZNWASn1dd9 rt3EX44OlxRqJusQPYSK1pDfrggdbG4MTRw7qa7phGpmJm/9phM= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:references:in-reply-to:content-type; s=smtpout; bh=VIwk 41EUfO9tlep3qaezZFCKCDo=; b=rTzpYeCmrn9RqqIeR/wLtzV8WODPdGYsjaIF +8zzQI1JNWlwHZtOlJUPXLi4zpx1+MUTTeXrtfK8HdEjQZK1S1ohOtGoFlOXfkrN k5mBrV2Oip66v16/j1K2lNFBv4cC9h6ND/jTN74GUQHDnYXtVhnPNqFRBZ6qwQnp y2XT0Tc= X-Sasl-enc: Dqj5cahd3T6BzzTyY/gAR+8m1P8nPdELBMaHlgfxvNJ7 1339746855 Received: from [192.168.5.18] (unknown [83.169.5.6]) by mail.messagingengine.com (Postfix) with ESMTPA id 209DE48350F for ; Fri, 15 Jun 2012 03:54:14 -0400 (EDT) Message-ID: <4FDAEA24.3010303@binarywings.net> Date: Fri, 15 Jun 2012 09:54:12 +0200 From: Florian Philipp User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20120602 Thunderbird/10.0.4 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo References: <20120615042810.GA9480@kroah.com> In-Reply-To: X-Enigmail-Version: 1.3.5 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig4DF41207C8B4EA1C1D9EBC70" X-Archives-Salt: e98295cb-0ae4-4b8a-804e-5127a872b148 X-Archives-Hash: 7e48f9c3270c507b35a481b1e95b7c50 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig4DF41207C8B4EA1C1D9EBC70 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 15.06.2012 06:50, schrieb Duncan: > Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted: >=20 >> So, anyone been thinking about this? I have, and it's not pretty. >> >> Should I worry about this and how it affects Gentoo, or not worry abou= t >> Gentoo right now and just focus on the other issues? >> >> Minor details like, "do we have a 'company' that can pay Microsoft to >> sign our bootloader?" is one aspect from the non-technical side that >> I've been wondering about. >=20 > I've been following developments and wondering a bit about this myself.= >=20 > I had concluded that at least for x86/amd64, where MS is mandating a us= er=20 > controlled disable-signed-checking option, gentoo shouldn't have a=20 > problem. Other than updating the handbook to accommodate UEFI,=20 > presumably along with the grub2 stabilization, I believe we're fine as = if=20 > a user can't figure out how to disable that option on their (x86/amd64)= =20 > platform, they're hardly likely to be a good match for gentoo in any ca= se. >=20 As a user, I'd still like to have the chance of using Secure Boot with Gentoo since it _really_ increases security. Even if it means I can no longer build my own kernel. > ARM and etc could be more problematic since MS is mandating no-unlock=20 > there, last I read. I have no clue how they can get away with that ant= i- > trust-wise, but anyway... But I honestly don't know enough about other= =20 > than x86/amd64 platforms to worry about it, personally. >=20 I guess anti-trust is not an issue since MS is not even close to having a monopoly in ARM. Regards, Florian Philipp --------------enig4DF41207C8B4EA1C1D9EBC70 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/a6iQACgkQqs4uOUlOuU+NVACfS+EuDIvQ3qbP+jr6gn9S/bua jFAAniSBYHpTcKHF0Xzsbf/Za5BCfm0Z =Kv1f -----END PGP SIGNATURE----- --------------enig4DF41207C8B4EA1C1D9EBC70--