Date: Tue, 5 Jun 2012 18:10:55 -0400 From: Jerry <jerry@seibercom.net> To: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? Message-ID: <20120605181055.4af65fdb@scorpio> In-Reply-To: <Pine.GSO.4.64.1206051653120.5642@nber6> References: <CADy1Ce7MihpmMowc265%2BS_RKorMO3KEKsCgr=pdnjg2jzq-dYQ@mail.gmail.com> <20120605203717.5663bdf7.freebsd@edvax.de> <Pine.GSO.4.64.1206051653120.5642@nber6>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 5 Jun 2012 17:00:14 -0400 (EDT) Daniel Feenberg articulated: >On Tue, 5 Jun 2012, Polytropon wrote: > >> On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote: >>> UEFI considerations drive Fedora to pay MSFT to sign their kernel >>> binaries >>> http://cwonline.computerworld.com/t/8035515/1292406/565573/0/ >> >> I may reply with another link: >> http://mjg59.dreamwidth.org/12368.html > >I have a pretty basic question that probably displays some ignorance... > >Does the loader need to be signed? Once signed, can it load anything, >or just things MS has approved? If MS signs the kernel, can the kernel >run anything, or just things MS has approved? If RH has a signed >kernel, do they have to sign all the userland programs that run under >that kernel? Can users sign programs compiled from source? > >If MS only has to sign the first link in the chain, then the $99 >certificate is not really a problem except for the pure of heart. If >MS or someone else has to sign all the way down to the userland >binaries, then users of FreeBSD will have to turn off secure boot in >CMOS, and it will lose a few users. But I can't tell from the >discussions mentioned above. Either way, I don't think it will destroy >FreeBSD, or Linux, but I would be interested anyway. I thought this URL <http://mjg59.dreamwidth.org/12368.html>; also shown above, answered that question. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120605181055.4af65fdb>