Reply-to: gentoo-dev@lists.gentoo.org
In-Reply-To: <4FDAEB22.4010109@gmail.com>
References: <20120615042810.GA9480@kroah.com>
	<CAO38tUqNiPif=+o_08gZ2LLg+HgWU=as1OS9NPaHpDr3wM2udQ@mail.gmail.com>
	<CAB9SyzSV_rY4u43gO4hsNynz7KbF5kOT+7k8++BPNrg4b1zVMg@mail.gmail.com>
	<CAO38tUo2=e_kVF3mYnTSDgGCS5bBBQvojexHeSiSy-nNr2SwTQ@mail.gmail.com>
	<CAB9SyzTGMLxQjhWs+y6LBhkY5PG2ZV-HS3oEqvXVr1RuP1N_cw@mail.gmail.com>
	<4FDAEB22.4010109@gmail.com>
Date: Fri, 15 Jun 2012 18:50:25 +0800
Message-ID: <CAB9SyzTZckyAj76wcPE5uH7dE84+jWhdPFKOHv=_+oj-niH+pw@mail.gmail.com>
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
From: Ben de Groot <yngwin@gentoo.org>
To: gentoo-dev@lists.gentoo.org

On 15 June 2012 15:58, Richard Farina <sidhayn@gmail.com> wrote:
> On 06/15/2012 03:12 AM, Ben de Groot wrote:
>> On 15 June 2012 13:24, Arun Raghavan <ford_prefect@gentoo.org> wrote:
>>> On 15 June 2012 10:33, Ben de Groot <yngwin@gentoo.org> wrote:
>>>> On 15 June 2012 12:45, Arun Raghavan <ford_prefect@gentoo.org> wrote:
>>>>> On 15 June 2012 09:58, Greg KH <gregkh@gentoo.org> wrote:
>>>>>> So, anyone been thinking about this? I have, and it's not pretty.
>>>>>>
>>>>>> Minor details like, "do we have a 'company' that can pay Microsoft to
>>>>>> sign our bootloader?" is one aspect from the non-technical side that I've
>>>>>> been wondering about.
>>>>>
>>>>> Sounds like something the Gentoo Foundation could do.
>>>>
>>>> I'm certainly not the only one who would be averse to paying Microsoft
>>>> any ransom money.
>>>
>>> And our refusal to pay for the signing affects precisely nobody except
>>> for our users, who will have to jump through an extra hoop to make
>>> their system work.
>>>
>>> On the flip side, having a simple way to use this infrastructure means
>>> that people who care about security can get a chain of trust from the
>>> firmware to the kernel (heck, maybe even userspace one day). This is
>>> something that is worth having as well.
>>
>> I agree that security is a worthwhile goal. I just don't trust Microsoft.
>>
> It's more of a "pay us or your system can't boot" that I'm opposed to.

That's why I called it ransom money. I'm very opposed to that too.

But if we're talking about security and a chain of trust, then Microsoft
has no place in that either.

> Saying "I just don't trust Microsoft" is second to "I just don't trust
> corporations that extort money from me just so I can boot". I don't
> care who we are paying, I'm offended by the idea. If users can't build
> their own fully functional boot loader that's an issue.
>
> I'm all for the signed "work-around signatures" idea as it is the least
> objectionable... if such a thing is even possible.
>
> -Zero
>



-- 
Cheers,

Ben | yngwin
Gentoo developer
Gentoo Qt project lead
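The thread argues about whose keys sit at the root of the Secure Boot chain of trust. What the firmware actually trusts is recorded in the `db` and `dbx` variables, which are concatenations of `EFI_SIGNATURE_LIST` structures. The parser below is an added example written for this archive page, not code from the gentoo-dev thread or from Gentoo; it walks such a blob and reports every enrolled signer (X.509 certificate or SHA-256 hash) so an administrator can audit who is allowed to sign their bootloader. The signature-type GUIDs and the efivarfs path for `db` are taken from the UEFI specification and the Linux efivarfs layout; the sample blob, its owner GUID and the placeholder DER body are constructed here and are not real certificates.

```python
"""Enumerate the signers enrolled in a UEFI Secure Boot signature database.

Added example for the gentoo-dev Secure Boot thread, not code from the thread.
Layout (UEFI spec, EFI_SIGNATURE_LIST):
    EFI_GUID SignatureType      16 bytes
    UINT32   SignatureListSize   4 bytes (whole list, header included)
    UINT32   SignatureHeaderSize 4 bytes
    UINT32   SignatureSize       4 bytes (owner GUID + data, per entry)
    UINT8    SignatureHeader[SignatureHeaderSize]
    EFI_SIGNATURE_DATA Signatures[]   (owner GUID, then SignatureSize-16 bytes)
"""
import hashlib
import os
import struct
import uuid

# Signature types from the UEFI specification; the two common db/dbx contents.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPE_NAMES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}

# efivarfs exposes each variable as <name>-<vendor GUID>; db uses the
# EFI_IMAGE_SECURITY_DATABASE_GUID vendor GUID and a 4-byte attribute prefix.
EFIVARS_DB = "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

HEADER_LEN = 28  # 16-byte type GUID + three UINT32 fields


def build_siglist(sig_type, owner, entries):
    """Serialize one EFI_SIGNATURE_LIST; used only to construct sample input."""
    if len({len(e) for e in entries}) != 1:
        raise ValueError("all entries in one list must share one size")
    sig_size = 16 + len(entries[0])
    body = b"".join(owner.bytes_le + e for e in entries)
    header = sig_type.bytes_le + struct.pack("<III", HEADER_LEN + len(body), 0, sig_size)
    return header + body


def parse_siglists(blob):
    """Walk concatenated EFI_SIGNATURE_LISTs; return (type, owner, data) tuples.

    Every size field is bounds-checked so a truncated or malformed variable
    raises ValueError instead of being silently misread.
    """
    out, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < HEADER_LEN or off + list_size > len(blob):
            raise ValueError("SignatureListSize out of range")
        if sig_size <= 16:
            raise ValueError("SignatureSize smaller than the owner GUID")
        data_off, data_end = off + HEADER_LEN + hdr_size, off + list_size
        if data_off > data_end or (data_end - data_off) % sig_size:
            raise ValueError("signature data is not a multiple of SignatureSize")
        kind = SIG_TYPE_NAMES.get(sig_type, str(sig_type))
        for pos in range(data_off, data_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            out.append((kind, owner, blob[pos + 16:pos + sig_size]))
        off = data_end
    return out


def summarize(entries):
    """One human-readable line per enrolled signer."""
    lines = []
    for kind, owner, data in entries:
        if kind == "x509":
            fp = hashlib.sha256(data).hexdigest()  # fingerprint of the DER blob
            lines.append(f"x509 cert {len(data)} bytes owner={owner} sha256={fp}")
        elif kind == "sha256":
            lines.append(f"sha256 {data.hex()} owner={owner}")
        else:
            lines.append(f"{kind} {len(data)} bytes owner={owner}")
    return lines


def read_efivar(path):
    """Read an efivarfs variable, dropping the 4-byte attribute prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]


# Constructed sample: one placeholder "certificate" list plus a two-hash list.
OWNER_EXAMPLE = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed
FAKE_DER = b"\x30\x82\x00\x04CERT"  # placeholder bytes, not a real certificate
HASH_A = hashlib.sha256(b"constructed-binary-a").digest()
HASH_B = hashlib.sha256(b"constructed-binary-b").digest()
SAMPLE_DB = (build_siglist(EFI_CERT_X509_GUID, OWNER_EXAMPLE, [FAKE_DER])
             + build_siglist(EFI_CERT_SHA256_GUID, OWNER_EXAMPLE, [HASH_A, HASH_B]))

if __name__ == "__main__":
    blob = read_efivar(EFIVARS_DB) if os.path.exists(EFIVARS_DB) else SAMPLE_DB
    for line in summarize(parse_siglists(blob)):
        print(line)
```

Run it on a machine with efivarfs mounted and it reads the live `db`; elsewhere it falls back to the constructed sample. The same parser applies to `dbx` (the revocation list) and `KEK` by changing the path, since all three share the `EFI_SIGNATURE_LIST` layout.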