
No signed kernel, just a signed boot loader

Posted Jun 25, 2012 21:28 UTC (Mon) by pboddie (guest, #50784)
In reply to: No signed kernel, just a signed boot loader by raven667
Parent article: Details on Ubuntu's UEFI secure boot plan

Oh sure, you can sign your own payloads and install your own keys, but in practical terms this means that people who buy computers will not only have to put up with what the vendor pre-installed - just like the majority of people won't ever "install Linux over Windows", even though lots of people think that this is a good enough workaround - but they will have yet another barrier if they do ever discover that they could run something else.

And I'm sure it's not beyond the skills of the vendors to make installing one's own keys a near impossibility and then claim it was an accident for as long as it takes before they can then claim that the product is no longer supported.

So in practical terms, it is all about control. We can discuss technical workarounds as much as we like and deny that the technology imposes any particular restrictions, but the combination of one company's continuous strategy of pushing the regulatory envelope and that technology results in a shoring up of that company's position.

Why else are the distributions jumping through hoops? Because they like a challenge? The practical effect of the misuse of such a technology is as much a fact as any aspect of the "it's OK - I can still boot my kernel" technical discussion.



No signed kernel, just a signed boot loader

Posted Jun 25, 2012 21:40 UTC (Mon) by raven667 (subscriber, #5198)

> you can sign your own payloads and install your own keys

So we agree on the substance of the matter. I can't comment on the rest of your post because I can't find any facts or point, just a lot of rhetorical flailing about.

No signed kernel, just a signed boot loader

Posted Jun 26, 2012 11:03 UTC (Tue) by pboddie (guest, #50784)

Oh well, let this be another place on the Internet I have to go back to at some point in the future and write "I told you so" for all the good that actually does. Nothing to see here, I guess: keep staring at the bits and bytes.

No signed kernel, just a signed boot loader

Posted Jun 26, 2012 18:10 UTC (Tue) by marcH (subscriber, #57642)

> > you can sign your own payloads and install your own keys

> So we agree on the substance of the matter. I can't comment on the rest of your post because I can't find any facts or point, just a lot of rhetorical flailing about.

Too bad things are not that obvious to Fedora and Canonical. They should have hired you and saved a lot of effort.

No signed kernel, just a signed boot loader

Posted Jun 26, 2012 19:14 UTC (Tue) by raven667 (subscriber, #5198)

Oh har har har, Mr Sarcastic guy. In any event I am merely relating the understanding and rationale that Fedora and Canonical have publicly written. The fact that the OP doesn't seem to want to read or understand that is the issue I'm trying to correct.

Foolish on my part I suppose. http://xkcd.com/386/


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds