From owner-freebsd-questions@FreeBSD.ORG Tue Jun 5 22:10:59 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A276B10657AC for ; Tue, 5 Jun 2012 22:10:59 +0000 (UTC) (envelope-from jerry@seibercom.net) Received: from mail-gg0-f182.google.com (mail-gg0-f182.google.com [209.85.161.182]) by mx1.freebsd.org (Postfix) with ESMTP id 3C4648FC15 for ; Tue, 5 Jun 2012 22:10:58 +0000 (UTC) Received: by ggnm2 with SMTP id m2so5315897ggn.13 for ; Tue, 05 Jun 2012 15:10:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seibercom.net; s=google; h=date:from:to:subject:message-id:in-reply-to:references:reply-to :organization:x-mailer:face:mime-version:content-type :content-transfer-encoding; bh=foVzKW6plANpGmoMFi2SvpQr42diEQ+cysz3sK6x5ko=; b=oyqMu7Rx24MxSNPFUuStN4b2H/ezLxfZawXiMAhakY1WMKc2z/4XVsrM8EMuLfapqF AsYJ7c1qLnjRWRvDHfkrZEP81207UreGL1hxkpES69EgJgrIP8Lu7EjMfkrxUv8od+JH P2rWDPtdtNkSLc/LBvn4a0o6v4jz5Sm5XO+yQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:reply-to :organization:x-mailer:face:mime-version:content-type :content-transfer-encoding:x-gm-message-state; bh=foVzKW6plANpGmoMFi2SvpQr42diEQ+cysz3sK6x5ko=; b=fIMnTpxfpPo3uQwj8XF8/Hk1bY6/uY8DfM5NtNloAXx9qRC5RFTgCDSTVilNt/PEIJ /rrL6XzvuVE3zfycdDLHwat8eIg26ep/nXgupsQV3WkHgt4ZdUni8n1fFuAPdd1WE+tv 1Ye13pwNBfunO2S8Elx+3XEpz27A5X7cmJ6fHQYLi2tEo7HtwJMReDKUVKOn/3y2lsxy gs3CA8/MppKJrNOyS9qgGd++ou2sSiRB5fZFr1EVJFflcon6bxYN4GR5x6OTpBCIdTkC uMy5530XwfF8/CEaNzTwiRspc6IzlFgcjiMfeMlNCx6naH/7nb6jagwXQVopLomG48Rt lQgQ== Received: by 10.236.74.133 with SMTP id x5mr13103215yhd.126.1338934258513; Tue, 05 Jun 2012 15:10:58 -0700 (PDT) Received: from scorpio.seibercom.net (cpe-076-182-104-150.nc.res.rr.com. [76.182.104.150]) by mx.google.com with ESMTPS id x42sm9601537yhd.3.2012.06.05.15.10.57 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 05 Jun 2012 15:10:57 -0700 (PDT) Received: from scorpio (localhost [127.0.0.1]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jerry@scorpio.seibercom.net) by scorpio.seibercom.net (Postfix) with ESMTPSA id 3W6Rzg5sJlz2CG4D for ; Tue, 5 Jun 2012 18:10:55 -0400 (EDT) Date: Tue, 5 Jun 2012 18:10:55 -0400 From: Jerry To: FreeBSD Message-ID: <20120605181055.4af65fdb@scorpio> In-Reply-To: References: <20120605203717.5663bdf7.freebsd@edvax.de> Organization: seibercom.net X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEUAAABYRlwJCw4FAgAIBwKprDkBAQFQLR0BAgCir7VRttp8AAACAUlEQVQ4jZWUTYvbMBCGTVl8V2hX6Gg5G5FbWQdBj0lEfE7BhN4cyzi5Wt1E5L70roWy6N92xok/skkP+5IYrMcz78xIduDWpNM3vFzuA/jX5EY1AI6KHFwW/CzFuQAwqUBbV12p+CzIh6Awq7sg33pn5D64SQXAexffeuQlA/L35RrkaB551OjGfP/cAO8mCNaDcgvfky5ijoD0pAXlCQCnljiAjsJD9Ax05Ko5sZxbnLQcmM+dZg5IjREfZrWIHK0JuwU68pAGwHvfRxBundRzTxxz3r9dNUikPsEihjz2Dc4kjp1hKsJGuot4EDxaxzMoC7XqhxhOSfZrTS6gSX1JVdjp+o1PvWfekXgw3WL0g70nDEwA0H0HQsEZc8sTmFMTkWUfYWC/vdR1zQy3xLQgLwzu90QnlnFLjeiGWBjwhb4Sa42IqOg2qqS4O1/zhKokFUb1Q8Rj4Eb69WVflXEehJ35DgChVTE5n50eaGyMLOfH8AOodoSM4PVYAQgQdBulOa+knklYks3vAuQ+uX492lTl+A+e8qBV2AKoXalVKFfyuUp0pUp1ARaUHh82lv9MN+Ig7CZtgE6FNYvjlywT2VP2dMgOG46gTIWcqdfvuwyXNz0oMJNd/N5lh1YNiJt19ADTUo3VuFSNeQwVqRSrGjSCp53fk2g+Mvfk/gfoPxHeUS8MH9vRAAAAAElFTkSuQmCC Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Gm-Message-State: ALoCoQkNNZy18eFeVG8QDKH125m4q7Dpuje0C1vo1pRUJ4TnxYO00OyakcI5a9OCnl+YLcQjkBiW Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: FreeBSD List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Jun 2012 22:10:59 -0000 On Tue, 5 Jun 2012 17:00:14 -0400 (EDT) Daniel Feenberg articulated: >On Tue, 5 Jun 2012, Polytropon wrote: > >> On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote: >>> UEFI considerations drive Fedora to pay MSFT to sign their kernel >>> binaries >>> http://cwonline.computerworld.com/t/8035515/1292406/565573/0/ >> >> I may reply with another link: >> http://mjg59.dreamwidth.org/12368.html > >I have a pretty basic question that probably displays some ignorance... > >Does the loader need to be signed? Once signed, can it load anything, >or just things MS has approved? If MS signs the kernel, can the kernel >run anything, or just things MS has approved? If RH has a signed >kernel, do they have to sign all the userland programs that run under >that kernel? Can users sign programs compiled from source? > >If MS only has to sign the first link in the chain, then the $99 >certificate is not really a problem except for the pure of heart. If >MS or someone else has to sign all the way down to the userland >binaries, then users of FreeBSD will have to turn off secure boot in >CMOS, and it will lose a few users. But I can't tell from the >discussions mentioned above. Either way, I don't think it will destroy >FreeBSD, or Linux, but I would be interested anyway. I thought this URL also shown above, answered that question. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________