From: Florian Philipp
Date: Sat, 16 Jun 2012 10:33:55 +0200
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Message-ID: <4FDC44F3.1090907@binarywings.net>
In-Reply-To: <20120615235906.GD9885@kroah.com>

On 16.06.2012 01:59, Greg KH wrote:
> On Fri, Jun 15, 2012 at 09:49:01AM +0200, Florian Philipp wrote:
>> On 15.06.2012 09:26, Michał Górny wrote:
>>> On Thu, 14 Jun 2012 21:56:04 -0700 Greg KH wrote:
>>>> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
>>>>> On 15 June 2012 09:58, Greg KH wrote:
>>>>>> So, anyone been thinking about this? I have, and it's not pretty.
>>>>>>
>>>>>> Should I worry about this and how it affects Gentoo, or not worry
>>>>>> about Gentoo right now and just focus on the other issues?
>>>>>
>>>>> I think it at least makes sense to talk about it, and work out what
>>>>> we can and cannot do.
>>>>>
>>>>> I guess we're in an especially bad position since everybody builds
>>>>> their own bootloader. Is there /any/ viable solution that allows
>>>>> people to continue doing this short of distributing a first-stage
>>>>> bootloader blob?
>>>>
>>>> Distributing a first-stage bootloader blob, that is signed by
>>>> Microsoft, or someone, seems to be the only way to easily handle this.
>>>
>>> Maybe we could get one such blob for all distros/systems?
>>>
>>
>> I guess nothing prevents you from re-distributing Fedora's blob.
>
> Fedora's blob will not boot your unsigned-with-fedoras-key kernel, so
> redistributing it will not help anyone :(
>

I meant along with Fedora's kernel, signed binary modules and so forth.
The whole kernel space.