[Discuss] Fighting UEFI

Jerry Feldman gaf at blu.org
Mon Jul 30 07:39:14 EDT 2012


On 07/29/2012 01:03 PM, Richard Pieri wrote:
> On 7/29/2012 8:11 AM, Jerry Feldman wrote:
>> So far RedHat is the only Linux vendor that has signed an agreement with
>> Microsoft so that Fedora 18 will install out of the box. (A discussion
>> hs at http://mjg59.dreamwidth.org/12368.html).
>
> Canonical has a proposal for using Intel's efilinux loader, which is
> signed, to chain-load an unsigned secondary loader like GRUB2 or an
> unsigned kernel image:
> https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html
>
> I like Canonical's approach.  It retains all of the benefits of the
> Secure Boot environment if you want them.  It provides a simple
> workaround in case an OEM mistakenly ships a computer that can't have
> Secure Boot disabled (and this *is* a mistake on x86 according to
> Microsoft's Windows 8 sticker requirements).  It lets you boot your
> own custom kernels and load binary blob drivers as desired without
> requiring a signing key of your own.  It doesn't compromise the key
> infrastructure.  Wins all around.
>
I think their approach is workable also.

-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90 
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90




More information about the Discuss mailing list