From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1SgBfr-0003jc-07 for garchives@archives.gentoo.org; Sun, 17 Jun 2012 09:21:35 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4883DE0B76; Sun, 17 Jun 2012 09:21:21 +0000 (UTC) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) by pigeon.gentoo.org (Postfix) with ESMTP id DCF49E09D8 for ; Sun, 17 Jun 2012 09:20:46 +0000 (UTC) Received: from compute3.internal (compute3.nyi.mail.srv.osa [10.202.2.43]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 956E121077 for ; Sun, 17 Jun 2012 05:20:46 -0400 (EDT) Received: from frontend2.nyi.mail.srv.osa ([10.202.2.161]) by compute3.internal (MEProxy); Sun, 17 Jun 2012 05:20:46 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=binarywings.net; h=message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type; s=mesmtp; bh=uh/FzqSB17HKAnoUXoT2Z3Wa 3lU=; b=Rt3tmRkkhUwB9UoI9fbVD8DcliXQEeZgjgiicLmPDQCs318mOeEqZXrk zQD1+3Khn1MQ8Wd1DUPd4hcrZvJJmrO+4AJ4nP9+9PuOEEa9mvIHMCyv+QKf1SUb fTNRHCgWLf6kbJ/KYF3ACwE2wAOGAFtlsKqpPW7iKEsCMYl8b2Q= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:references:in-reply-to:content-type; s=smtpout; bh=uh/F zqSB17HKAnoUXoT2Z3Wa3lU=; b=RmCx1l4g5OGxuP0JYrpgiQTupybD7Whfei5r T42pq7d4ci4PXywak+10vSS4dU39XEeJI3ZSQRKB8NKU/2aB3ZlSyGokAkaeoLlZ GiCixPcG4MexFiNCFco06jTv7jSbrQwBlwk516I91d+SOB/uOfnVb7tYBWaaP9OH NA2WB6Q= X-Sasl-enc: PCKm7uShleeCcdCtzSQnQFlijFqH55ch0BE/HaABW+Dj 1339924846 Received: from [192.168.5.18] (unknown [83.169.5.6]) by mail.messagingengine.com (Postfix) with ESMTPA id 13D004825F1 for ; Sun, 17 Jun 2012 05:20:45 -0400 (EDT) Message-ID: <4FDDA166.8010404@binarywings.net> Date: Sun, 17 Jun 2012 11:20:38 +0200 From: Florian Philipp User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20120602 Thunderbird/10.0.4 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo References: <20120615042810.GA9480@kroah.com> <4FDAEA24.3010303@binarywings.net> <20120616195104.192e5abd@pomiocik.lan> In-Reply-To: <20120616195104.192e5abd@pomiocik.lan> X-Enigmail-Version: 1.3.5 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig61C7E66E9B31154FCA81219B" X-Archives-Salt: 0d9e98ed-6c82-41cb-a883-b7ca8f5e5c73 X-Archives-Hash: 02da81923dca7b542cfe5c3680e4e19a This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig61C7E66E9B31154FCA81219B Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 16.06.2012 19:51, schrieb Micha=C5=82 G=C3=B3rny: > On Fri, 15 Jun 2012 09:54:12 +0200 > Florian Philipp wrote: >=20 >> Am 15.06.2012 06:50, schrieb Duncan: >>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted: >>> >>>> So, anyone been thinking about this? I have, and it's not pretty. >>>> >>>> Should I worry about this and how it affects Gentoo, or not worry >>>> about Gentoo right now and just focus on the other issues? >>>> >>>> Minor details like, "do we have a 'company' that can pay Microsoft >>>> to sign our bootloader?" is one aspect from the non-technical side >>>> that I've been wondering about. >>> >>> I've been following developments and wondering a bit about this >>> myself. >>> >>> I had concluded that at least for x86/amd64, where MS is mandating >>> a user controlled disable-signed-checking option, gentoo shouldn't >>> have a problem. Other than updating the handbook to accommodate >>> UEFI, presumably along with the grub2 stabilization, I believe >>> we're fine as if a user can't figure out how to disable that option >>> on their (x86/amd64) platform, they're hardly likely to be a good >>> match for gentoo in any case. >>> >> >> As a user, I'd still like to have the chance of using Secure Boot with= >> Gentoo since it _really_ increases security. Even if it means I can no= >> longer build my own kernel. >=20 > It doesn't. It's just a very long wooden fence; you just didn't find > the hole yet. >=20 Oh come on! That's FUD and you know it. If not, did you even look at the specs and working principle? Regards, Florian Philipp --------------enig61C7E66E9B31154FCA81219B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/doWwACgkQqs4uOUlOuU9NggCfb7X/z4lU/wWZ7tIiKQYSYGjp uKgAnis23lohn8WZfekCwYPx1SIeO3K7 =ATKR -----END PGP SIGNATURE----- --------------enig61C7E66E9B31154FCA81219B--