From: Michael Mol
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
Date: Sat, 2 Jun 2012 09:00:45 -0400
In-Reply-To: <4FC9C425.9010301@binarywings.net>
References: <1338603963.12172.1.camel@moriah> <4FC9C425.9010301@binarywings.net>

On Sat, Jun 2, 2012 at 3:43 AM, Florian Philipp wrote:
> On 02.06.2012 04:26, William Kenworthy wrote:
>> http://boingboing.net/2012/05/31/lockdown-freeopen-os-maker-p.html
>>
>> and something I had not considered with the whole idea was even bootable
>> cd's and usb keys for rescue will need the same privileges ...

[snip]

> Okay, enough bashing the article. Some technical question: As I
> understand it, if I want to make a live CD or a distribution, all I'd
> need to do is to use Fedora's kernel and boot loader? That's not so bad.

Or turn off 'secure boot' in the BIOS configuration menu.

For Windows 8 certification, a device must _default_ to 'secure boot'
being turned on. You're allowed to turn it off, you just can't have
programmatic access to turn it off; it has to be done manually.

I expect that'll be available in things like motherboards sold
directly to end-users. I expect it *won't* be available in whatever
the current iteration of Compaq/HP/Packard Hell all-in-one devices is;
manufacturers of those devices will still have keys installed to allow
debugging and maintenance tools to operate, but their signed tools
would only be available to their certified technicians.

Does anyone know what crypto hash they're using to sign these things?
I imagine it won't be too long (3-4 years, tops) before either the
signing key leaks or collision attacks are figured out.

--
:wq