From: Ben de Groot <yngwin@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 18:50:25 +0800 [thread overview]
Message-ID: <CAB9SyzTZckyAj76wcPE5uH7dE84+jWhdPFKOHv=_+oj-niH+pw@mail.gmail.com> (raw)
In-Reply-To: <4FDAEB22.4010109@gmail.com>
On 15 June 2012 15:58, Richard Farina <sidhayn@gmail.com> wrote:
> On 06/15/2012 03:12 AM, Ben de Groot wrote:
>> On 15 June 2012 13:24, Arun Raghavan <ford_prefect@gentoo.org> wrote:
>>> On 15 June 2012 10:33, Ben de Groot <yngwin@gentoo.org> wrote:
>>>> On 15 June 2012 12:45, Arun Raghavan <ford_prefect@gentoo.org> wrote:
>>>>> On 15 June 2012 09:58, Greg KH <gregkh@gentoo.org> wrote:
>>>>>> So, anyone been thinking about this? I have, and it's not pretty.
>>>>>>
>>>>>> Minor details like, "do we have a 'company' that can pay Microsoft to
>>>>>> sign our bootloader?" is one aspect from the non-technical side that I've
>>>>>> been wondering about.
>>>>>
>>>>> Sounds like something the Gentoo Foundation could do.
>>>>
>>>> I'm certainly not the only one who would be averse to paying Microsoft
>>>> any ransom money.
>>>
>>> And our refusal to pay for the signing affects precisely nobody except
>>> for our users, who will have to jump through an extra hoop to make
>>> their system work.
>>>
>>> On the flip side, having a simple way to use this infrastructure means
>>> that people who care about security can get a chain of trust from the
>>> firmware to the kernel (heck, maybe even userspace one day). This is
>>> something that is worth having as well.
>>
>> I agree that security is a worthwhile goal. I just don't trust Microsoft.
>>
> It's more of a "pay us or your system can't boot" that I'm opposed to.
That's why I called it ransom money. I'm very opposed to that too.
But if we're talking about security and a chain of trust, then Microsoft
has no place in that either.
> Saying "I just don't trust Microsoft" is second to "I just don't trust
> corporations that extort money from me just so I can boot". I don't
> care who we are paying, I'm offended by the idea. If users can't build
> their own fully functional boot loader that's an issue.
>
> I'm all for the signed "work-around signatures" idea as it is the least
> objectionable... if such a thing is even possible.
>
> -Zero
>
--
Cheers,
Ben | yngwin
Gentoo developer
Gentoo Qt project lead
next prev parent reply other threads:[~2012-06-15 10:51 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-15 4:28 [gentoo-dev] UEFI secure boot and Gentoo Greg KH
2012-06-15 4:45 ` Arun Raghavan
2012-06-15 4:56 ` Greg KH
2012-06-15 5:24 ` Arun Raghavan
2012-06-15 21:28 ` Matthew Thode
2012-06-15 5:48 ` Eray Aslan
2012-06-15 7:26 ` Michał Górny
2012-06-15 7:49 ` Florian Philipp
2012-06-15 8:06 ` Richard Farina
2012-06-15 8:24 ` Florian Philipp
2012-06-15 23:59 ` Greg KH
2012-06-16 8:33 ` Florian Philipp
2012-06-16 0:03 ` gregkh
2012-06-15 5:00 ` [gentoo-dev] " Duncan
2012-06-15 5:03 ` [gentoo-dev] " Ben de Groot
2012-06-15 5:08 ` Matthew Finkel
2012-06-15 5:24 ` Arun Raghavan
2012-06-15 7:12 ` Ben de Groot
2012-06-15 7:58 ` Richard Farina
2012-06-15 8:37 ` Florian Philipp
2012-06-15 11:32 ` Walter Dnes
2012-06-15 12:01 ` Rich Freeman
2012-06-15 12:48 ` Florian Philipp
2012-06-16 9:22 ` Maxim Kammerer
2012-06-17 17:03 ` Greg KH
2012-06-17 19:22 ` Maxim Kammerer
2012-06-15 10:50 ` Ben de Groot [this message]
2012-06-16 0:02 ` Greg KH
2012-06-15 4:45 ` Greg KH
2012-06-15 5:48 ` Philip Webb
2012-06-16 0:01 ` Greg KH
2012-06-16 3:18 ` Philip Webb
2012-06-15 21:35 ` Matthew Thode
2012-06-16 0:00 ` Greg KH
2012-06-15 4:50 ` [gentoo-dev] " Duncan
2012-06-15 5:01 ` Matthew Finkel
2012-06-15 7:54 ` Florian Philipp
2012-06-15 12:28 ` Walter Dnes
2012-06-15 12:55 ` Florian Philipp
2012-06-16 23:37 ` Steev Klimaszewski
2012-06-17 16:58 ` Greg KH
2012-06-17 17:24 ` Dale
2012-06-16 17:51 ` Michał Górny
2012-06-17 9:20 ` Florian Philipp
2012-06-17 15:51 ` Michał Górny
2012-06-17 16:55 ` Greg KH
2012-06-17 17:06 ` Michał Górny
2012-06-17 17:17 ` Rich Freeman
2012-06-17 17:28 ` Florian Philipp
2012-06-17 17:56 ` Greg KH
2012-06-17 16:56 ` Matthew Finkel
2012-06-17 17:10 ` Michał Górny
2012-06-17 17:40 ` Florian Philipp
2012-06-17 17:34 ` Sascha Cunz
2012-06-17 17:55 ` Rich Freeman
2012-06-17 18:00 ` Florian Philipp
2012-06-17 18:56 ` Sascha Cunz
2012-06-17 19:20 ` Graham Murray
2012-06-17 20:30 ` Florian Philipp
2012-06-17 23:07 ` Rich Freeman
2012-06-22 6:42 ` George Prowse
2012-06-15 4:57 ` [gentoo-dev] " Chí-Thanh Christopher Nguyễn
2012-06-15 12:18 ` Luca Barbato
2012-06-15 12:33 ` Rich Freeman
2012-06-15 23:56 ` Greg KH
2012-06-16 6:30 ` Michał Górny
2012-06-15 10:14 ` Rich Freeman
2012-06-15 11:26 ` Florian Philipp
2012-06-15 12:22 ` Luca Barbato
2012-06-15 12:45 ` Rich Freeman
2012-06-15 15:46 ` G.Wolfe Woodbury
2012-06-15 23:55 ` Greg KH
2012-06-16 0:41 ` Rich Freeman
2012-06-16 3:49 ` Greg KH
2012-06-16 23:52 ` Matthew Summers
2012-06-17 0:23 ` [gentoo-dev] " Duncan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAB9SyzTZckyAj76wcPE5uH7dE84+jWhdPFKOHv=_+oj-niH+pw@mail.gmail.com' \
--to=yngwin@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox