LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora, secure boot, and an insecure future

Fedora, secure boot, and an insecure future

Posted Jun 8, 2012 9:56 UTC (Fri) by ballombe (subscriber, #9523)
In reply to: Fedora, secure boot, and an insecure future by raven667
Parent article: Fedora, secure boot, and an insecure future

> Only if you want to be signed by the existing Verisign/MS authority, you can always be your own authority and have the end-user load keys in by hand.

So far no evidence that 'loading key by hand' will be actually possible has been provided, and indeed this is one of the premise of the Fedora decision. You cannot have it both way.

(Log in to post comments)

Fedora, secure boot, and an insecure future

Posted Jun 8, 2012 16:54 UTC (Fri) by raven667 (subscriber, #5198) [Link]

Hardware with the Win8 logo will be shipping with secure boot enabled by default, the MS keys loaded by default and must have the option to disable secure boot, they may also have the option to load their own keys. Fedora will be having their bootloader signed by MS because it's user-unfriendly to require a trip to the firmware to modify secure boot settings before booting an install CD. If you want to install custom software or older software (Win7 or whatever) you will have to fiddle with the firmware in any case.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds