From owner-freebsd-questions@FreeBSD.ORG  Wed Jun  6 08:45:08 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 5FDD91065674;
	Wed,  6 Jun 2012 08:45:08 +0000 (UTC)
	(envelope-from bruce@cran.org.uk)
Received: from muon.cran.org.uk (muon.cran.org.uk
	[IPv6:2a01:348:0:15:5d59:5c40:0:1])
	by mx1.freebsd.org (Postfix) with ESMTP id D4DC88FC0C;
	Wed,  6 Jun 2012 08:45:07 +0000 (UTC)
Received: from muon.cran.org.uk (localhost [127.0.0.1])
	by muon.cran.org.uk (Postfix) with ESMTP id 138F8E63FA;
	Wed,  6 Jun 2012 09:45:49 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cran.org.uk; h=message-id
	:date:from:mime-version:to:cc:subject:references:in-reply-to
	:content-type:content-transfer-encoding; s=mail; bh=K5fu7GHSjIiQ
	nR5L/NmgDBG0D7Q=; b=vSOy4A4y+7aUrzE9Nj/OuUqy4V/Jpcje7OVUG8WbEyOp
	KuSeI7p0TFaZcR51qQ0spXMg5kfu7UzEqRYw2wNtaCeQWXW30taYojR2zJONtbaV
	au1gt1/iPRXz9EavLu0asMhvREA3YN+4pclNlOsAwbxgs+DfKfFCcHRFGKTii4c=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cran.org.uk; h=message-id
	:date:from:mime-version:to:cc:subject:references:in-reply-to
	:content-type:content-transfer-encoding; q=dns; s=mail; b=ynA0y/
	PDIz0LGcdmkGboAHYhmxrQr5BlzFsPqhHkwVUBK2aG3dWiv59xNvCAX7bbgVWIs/
	YVj/CWviZzhU27YnYyV7keFqAe/6s9ZlluliF2INpVTo0yM4zM15i/s5NzK7eEme
	vj+2RIUadTAV5OORFG2m2SLYJ1kUyz5HSMlbo=
Received: from [192.168.2.11] (unknown [93.89.81.205])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by muon.cran.org.uk (Postfix) with ESMTPSA id E1BA1E63D1;
	Wed,  6 Jun 2012 09:45:48 +0100 (BST)
Message-ID: <4FCF1891.9020006@cran.org.uk>
Date: Wed, 06 Jun 2012 09:45:05 +0100
From: Bruce Cran <bruce@cran.org.uk>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
	rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Matthew Seaman <matthew@FreeBSD.org>
References: <CADy1Ce7MihpmMowc265+S_RKorMO3KEKsCgr=pdnjg2jzq-dYQ@mail.gmail.com>
	<20120605203717.5663bdf7.freebsd@edvax.de>
	<Pine.GSO.4.64.1206051653120.5642@nber6>
	<20120605181055.4af65fdb@scorpio> <4FCF0772.8000609@FreeBSD.org>
In-Reply-To: <4FCF0772.8000609@FreeBSD.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Jerry <jerry@seibercom.net>, FreeBSD <freebsd-questions@FreeBSD.org>
Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware
 of?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 08:45:08 -0000

On 06/06/2012 08:32, Matthew Seaman wrote:
> On deeper thought though, the whole idea appears completely unworkable.
>   It means that you will not be able to compile your own kernel or
> drivers unless you have access to a signing key.  As building your own
> is pretty fundamental to the FreeBSD project, the logical consequence is
> that FreeBSD source should come with a signing key for anyone to use.

It just means that anyone wishing to run their own kernels would either 
need to disable secure boot, or purchase/create their own certificate 
and install it.

-- 
Bruce Cran