public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
From: Ben de Groot <yngwin@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 18:50:25 +0800	[thread overview]
Message-ID: <CAB9SyzTZckyAj76wcPE5uH7dE84+jWhdPFKOHv=_+oj-niH+pw@mail.gmail.com> (raw)
In-Reply-To: <4FDAEB22.4010109@gmail.com>

On 15 June 2012 15:58, Richard Farina <sidhayn@gmail.com> wrote:
> On 06/15/2012 03:12 AM, Ben de Groot wrote:
>> On 15 June 2012 13:24, Arun Raghavan <ford_prefect@gentoo.org> wrote:
>>> On 15 June 2012 10:33, Ben de Groot <yngwin@gentoo.org> wrote:
>>>> On 15 June 2012 12:45, Arun Raghavan <ford_prefect@gentoo.org> wrote:
>>>>> On 15 June 2012 09:58, Greg KH <gregkh@gentoo.org> wrote:
>>>>>> So, anyone been thinking about this?  I have, and it's not pretty.
>>>>>>
>>>>>> Minor details like, "do we have a 'company' that can pay Microsoft to
>>>>>> sign our bootloader?" is one aspect from the non-technical side that I've
>>>>>> been wondering about.
>>>>>
>>>>> Sounds like something the Gentoo Foundation could do.
>>>>
>>>> I'm certainly not the only one who would be averse to paying Microsoft
>>>> any ransom money.
>>>
>>> And our refusal to pay for the signing affects precisely nobody except
>>> for our users, who will have to jump through an extra hoop to make
>>> their system work.
>>>
>>> On the flip side, having a simple way to use this infrastructure means
>>> that people who care about security can get a chain of trust from the
>>> firmware to the kernel (heck, maybe even userspace one day). This is
>>> something that is worth having as well.
>>
>> I agree that security is a worthwhile goal. I just don't trust Microsoft.
>>
> It's more of a "pay us or your system can't boot" that I'm opposed to.

That's why I called it ransom money. I'm very opposed to that too.

But if we're talking about security and a chain of trust, then Microsoft
has no place in that either.

> Saying "I just don't trust Microsoft" is second to "I just don't trust
> corporations that extort money from me just so I can boot".  I don't
> care who we are paying, I'm offended by the idea.  If users can't build
> their own fully functional boot loader that's an issue.
>
> I'm all for the signed "work-around signatures" idea as it is the least
> objectionable... if such a thing is even possible.
>
> -Zero
>



-- 
Cheers,

Ben | yngwin
Gentoo developer
Gentoo Qt project lead



  parent reply	other threads:[~2012-06-15 10:51 UTC|newest]

Thread overview: 76+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-15  4:28 [gentoo-dev] UEFI secure boot and Gentoo Greg KH
2012-06-15  4:45 ` Arun Raghavan
2012-06-15  4:56   ` Greg KH
2012-06-15  5:24     ` Arun Raghavan
2012-06-15 21:28       ` Matthew Thode
2012-06-15  5:48     ` Eray Aslan
2012-06-15  7:26     ` Michał Górny
2012-06-15  7:49       ` Florian Philipp
2012-06-15  8:06         ` Richard Farina
2012-06-15  8:24           ` Florian Philipp
2012-06-15 23:59         ` Greg KH
2012-06-16  8:33           ` Florian Philipp
2012-06-16  0:03       ` gregkh
2012-06-15  5:00   ` [gentoo-dev] " Duncan
2012-06-15  5:03   ` [gentoo-dev] " Ben de Groot
2012-06-15  5:08     ` Matthew Finkel
2012-06-15  5:24     ` Arun Raghavan
2012-06-15  7:12       ` Ben de Groot
2012-06-15  7:58         ` Richard Farina
2012-06-15  8:37           ` Florian Philipp
2012-06-15 11:32             ` Walter Dnes
2012-06-15 12:01               ` Rich Freeman
2012-06-15 12:48                 ` Florian Philipp
2012-06-16  9:22                 ` Maxim Kammerer
2012-06-17 17:03                   ` Greg KH
2012-06-17 19:22                     ` Maxim Kammerer
2012-06-15 10:50           ` Ben de Groot [this message]
2012-06-16  0:02     ` Greg KH
2012-06-15  4:45 ` Greg KH
2012-06-15  5:48   ` Philip Webb
2012-06-16  0:01     ` Greg KH
2012-06-16  3:18       ` Philip Webb
2012-06-15 21:35   ` Matthew Thode
2012-06-16  0:00     ` Greg KH
2012-06-15  4:50 ` [gentoo-dev] " Duncan
2012-06-15  5:01   ` Matthew Finkel
2012-06-15  7:54   ` Florian Philipp
2012-06-15 12:28     ` Walter Dnes
2012-06-15 12:55       ` Florian Philipp
2012-06-16 23:37         ` Steev Klimaszewski
2012-06-17 16:58           ` Greg KH
2012-06-17 17:24             ` Dale
2012-06-16 17:51     ` Michał Górny
2012-06-17  9:20       ` Florian Philipp
2012-06-17 15:51         ` Michał Górny
2012-06-17 16:55           ` Greg KH
2012-06-17 17:06             ` Michał Górny
2012-06-17 17:17               ` Rich Freeman
2012-06-17 17:28               ` Florian Philipp
2012-06-17 17:56               ` Greg KH
2012-06-17 16:56           ` Matthew Finkel
2012-06-17 17:10             ` Michał Górny
2012-06-17 17:40               ` Florian Philipp
2012-06-17 17:34       ` Sascha Cunz
2012-06-17 17:55         ` Rich Freeman
2012-06-17 18:00         ` Florian Philipp
2012-06-17 18:56           ` Sascha Cunz
2012-06-17 19:20             ` Graham Murray
2012-06-17 20:30             ` Florian Philipp
2012-06-17 23:07               ` Rich Freeman
2012-06-22  6:42                 ` George Prowse
2012-06-15  4:57 ` [gentoo-dev] " Chí-Thanh Christopher Nguyễn
2012-06-15 12:18   ` Luca Barbato
2012-06-15 12:33     ` Rich Freeman
2012-06-15 23:56   ` Greg KH
2012-06-16  6:30     ` Michał Górny
2012-06-15 10:14 ` Rich Freeman
2012-06-15 11:26   ` Florian Philipp
2012-06-15 12:22   ` Luca Barbato
2012-06-15 12:45     ` Rich Freeman
2012-06-15 15:46   ` G.Wolfe Woodbury
2012-06-15 23:55   ` Greg KH
2012-06-16  0:41     ` Rich Freeman
2012-06-16  3:49       ` Greg KH
2012-06-16 23:52 ` Matthew Summers
2012-06-17  0:23   ` [gentoo-dev] " Duncan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAB9SyzTZckyAj76wcPE5uH7dE84+jWhdPFKOHv=_+oj-niH+pw@mail.gmail.com' \
    --to=yngwin@gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox