From mboxrd@z Thu Jan  1 00:00:00 1970
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Sender: arunissatan@gmail.com
Received: by 10.182.47.135 with HTTP; Thu, 14 Jun 2012 22:24:46 -0700 (PDT)
In-Reply-To: <CAB9SyzSV_rY4u43gO4hsNynz7KbF5kOT+7k8++BPNrg4b1zVMg@mail.gmail.com>
References: <20120615042810.GA9480@kroah.com> <CAO38tUqNiPif=+o_08gZ2LLg+HgWU=as1OS9NPaHpDr3wM2udQ@mail.gmail.com>
 <CAB9SyzSV_rY4u43gO4hsNynz7KbF5kOT+7k8++BPNrg4b1zVMg@mail.gmail.com>
From: Arun Raghavan <ford_prefect@gentoo.org>
Date: Fri, 15 Jun 2012 10:54:46 +0530
X-Google-Sender-Auth: ZGI2uzcagJFTf_H2Af530H0q4No
Message-ID: <CAO38tUo2=e_kVF3mYnTSDgGCS5bBBQvojexHeSiSy-nNr2SwTQ@mail.gmail.com>
Subject: Re: [gentoo-dev] UEFI secure boot and Gentoo
To: gentoo-dev@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: f2e22025-c50d-4f22-b84c-0425236338ca
X-Archives-Hash: f51c1f3909de7c5a5102cc91bfe4e2a1

On 15 June 2012 10:33, Ben de Groot <yngwin@gentoo.org> wrote:
> On 15 June 2012 12:45, Arun Raghavan <ford_prefect@gentoo.org> wrote:
>> On 15 June 2012 09:58, Greg KH <gregkh@gentoo.org> wrote:
>>> So, anyone been thinking about this? I have, and it's not pretty.
>>>
>>> Minor details like, "do we have a 'company' that can pay Microsoft to
>>> sign our bootloader?" is one aspect from the non-technical side that I've
>>> been wondering about.
>>
>> Sounds like something the Gentoo Foundation could do.
>
> I'm certainly not the only one who would be averse to paying Microsoft
> any ransom money.

And our refusal to pay for the signing affects precisely nobody except
for our users, who will have to jump through an extra hoop to make
their system work.

On the flip side, having a simple way to use this infrastructure means
that people who care about security can get a chain of trust from the
firmware to the kernel (heck, maybe even userspace one day). This is
something that is worth having as well.
-- 
Arun Raghavan
http://arunraghavan.net/
(Ford_Prefect | Gentoo) & (arunsr | GNOME)