User: Password:
|
|
Subscribe / Log in / New account

SUSE and Secure Boot: The Details (SUSE Blog)

SUSE and Secure Boot: The Details (SUSE Blog)

Posted Aug 12, 2012 0:55 UTC (Sun) by mmorrow (guest, #83845)
In reply to: SUSE and Secure Boot: The Details (SUSE Blog) by geofft
Parent article: SUSE and Secure Boot: The Details (SUSE Blog)

> (and you cannot even run OS X legally on a non-Mac, so that argument
> is moot).

;)

> It's only about _custom_ kernels.

By "custom kernel" you mean "kernel which has not been signed with a
private key which a user will not have access to". Said this way, it
sounds much less benign.


(Log in to post comments)

SUSE and Secure Boot: The Details (SUSE Blog)

Posted Aug 12, 2012 4:22 UTC (Sun) by geofft (subscriber, #59789) [Link]

An individual user who wants to recompile (or merely re-sign) their kernel has every ability to turn off Secure Boot in their BIOS menu. This is only about what people boot out of the box, and I can't really see the problem if all semi-popular Linux distros get an MS-signed shimloader with their private key embedded.

It's certainly morally offensive, but not hugely practically problematic -- nobody installs a custom kernel the first time they install Linux.

SUSE and Secure Boot: The Details (SUSE Blog)

Posted Aug 12, 2012 6:42 UTC (Sun) by tzafrir (subscriber, #11501) [Link]

But many users build kernel modules (look for dkms packages).

Furthermore, it makes creating a custom distribution with any changes to the kernel (including modules, and also to grub's configuration, including its screen?) a whole lot more difficult. Which means you'll have less custom Linux distributions.

SUSE and Secure Boot: The Details (SUSE Blog)

Posted Aug 16, 2012 15:50 UTC (Thu) by jschrod (subscriber, #1646) [Link]

But many people want to install NVidias proprietary graphics driver kernel module, since they are the only way to get full support for the respective hardware.

And I think it's wrong to assume that this module will get signatures for all Linux distribution schemes that are out there.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds