[Discuss] Fighting UEFI
Richard Pieri
richard.pieri at gmail.com
Sun Jul 29 13:03:31 EDT 2012
On 7/29/2012 8:11 AM, Jerry Feldman wrote:
> So far RedHat is the only Linux vendor that has signed an agreement with
> Microsoft so that Fedora 18 will install out of the box. (A discussion
> hs at http://mjg59.dreamwidth.org/12368.html).
Canonical has a proposal for using Intel's efilinux loader, which is
signed, to chain-load an unsigned secondary loader like GRUB2 or an
unsigned kernel image:
https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html
I like Canonical's approach. It retains all of the benefits of the
Secure Boot environment if you want them. It provides a simple
workaround in case an OEM mistakenly ships a computer that can't have
Secure Boot disabled (and this *is* a mistake on x86 according to
Microsoft's Windows 8 sticker requirements). It lets you boot your own
custom kernels and load binary blob drivers as desired without requiring
a signing key of your own. It doesn't compromise the key
infrastructure. Wins all around.
--
Rich P.
More information about the Discuss
mailing list