Date: Fri, 15 Jun 2012 15:12:12 +0800
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
From: Ben de Groot
To: gentoo-dev@lists.gentoo.org

On 15 June 2012 13:24, Arun Raghavan wrote:
> On 15 June 2012 10:33, Ben de Groot wrote:
>> On 15 June 2012 12:45, Arun Raghavan wrote:
>>> On 15 June 2012 09:58, Greg KH wrote:
>>>> So, anyone been thinking about this? I have, and it's not pretty.
>>>>
>>>> Minor details like, "do we have a 'company' that can pay Microsoft to
>>>> sign our bootloader?" is one aspect from the non-technical side that I've
>>>> been wondering about.
>>>
>>> Sounds like something the Gentoo Foundation could do.
>>
>> I'm certainly not the only one who would be averse to paying Microsoft
>> any ransom money.
>
> And our refusal to pay for the signing affects precisely nobody except
> for our users, who will have to jump through an extra hoop to make
> their system work.
>
> On the flip side, having a simple way to use this infrastructure means
> that people who care about security can get a chain of trust from the
> firmware to the kernel (heck, maybe even userspace one day). This is
> something that is worth having as well.

I agree that security is a worthwhile goal. I just don't trust Microsoft.

--
Cheers,

Ben | yngwin
Gentoo developer
Gentoo Qt project lead