From owner-freebsd-questions@FreeBSD.ORG  Wed Jun  6 09:38:53 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 7222F1065677
	for <freebsd-questions@FreeBSD.org>;
	Wed,  6 Jun 2012 09:38:53 +0000 (UTC)
	(envelope-from matthew@FreeBSD.org)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78])
	by mx1.freebsd.org (Postfix) with ESMTP id EFA208FC1E
	for <freebsd-questions@FreeBSD.org>;
	Wed,  6 Jun 2012 09:38:52 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id
	q569clXu077145
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Wed, 6 Jun 2012 10:38:48 +0100 (BST)
	(envelope-from matthew@FreeBSD.org)
X-DKIM: OpenDKIM Filter v2.5.2 smtp.infracaninophile.co.uk q569clXu077145
Authentication-Results: smtp.infracaninophile.co.uk/q569clXu077145;
	dkim=none (no signature); dkim-adsp=none
Message-ID: <4FCF2521.6090006@FreeBSD.org>
Date: Wed, 06 Jun 2012 10:38:41 +0100
From: Matthew Seaman <matthew@FreeBSD.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
	rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Bruce Cran <bruce@cran.org.uk>
References: <CADy1Ce7MihpmMowc265+S_RKorMO3KEKsCgr=pdnjg2jzq-dYQ@mail.gmail.com>
	<20120605203717.5663bdf7.freebsd@edvax.de>
	<Pine.GSO.4.64.1206051653120.5642@nber6>
	<20120605181055.4af65fdb@scorpio>
	<4FCF0772.8000609@FreeBSD.org> <4FCF1891.9020006@cran.org.uk>
In-Reply-To: <4FCF1891.9020006@cran.org.uk>
X-Enigmail-Version: 1.4.1
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig8F65C3A1E9F1D2610769384D"
X-Virus-Scanned: clamav-milter 0.97.4 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00
	autolearn=ham version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	lucid-nonsense.infracaninophile.co.uk
Cc: Jerry <jerry@seibercom.net>, FreeBSD <freebsd-questions@FreeBSD.org>
Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware
 of?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 09:38:53 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig8F65C3A1E9F1D2610769384D
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 06/06/2012 09:45, Bruce Cran wrote:
> On 06/06/2012 08:32, Matthew Seaman wrote:
>> On deeper thought though, the whole idea appears completely unworkable=
=2E
>>   It means that you will not be able to compile your own kernel or
>> drivers unless you have access to a signing key.  As building your own=

>> is pretty fundamental to the FreeBSD project, the logical consequence =
is
>> that FreeBSD source should come with a signing key for anyone to use.

> It just means that anyone wishing to run their own kernels would either=

> need to disable secure boot, or purchase/create their own certificate
> and install it.

Indeed.  However disabling secure boot is apparently:

   * too difficult for users of Fedora

   * not possible on all platforms (arm based tablets especially)

and purchasing your own certificate currently means paying $99 to
Microsoft, or else getting a key from the hardware manufacturer (which I
very much suspect will not be free either).

While I would expect the typical FreeBSD user to be quite capable of
disabling secure boot, I know that this is something that will result in
realms of questions by new users, alarmist claims that "FreeBSD is not
secure" and general glee amongst the "FreeBSD is dying" crowd.

This is just another misconceived DRM scheme and suffers from all the
same old flaws.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey



--------------enig8F65C3A1E9F1D2610769384D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/PJScACgkQ8Mjk52CukIynOgCfUw8ApHCaq1ucLMAQW+FIqNCV
mhkAn3d+tD7Q5DOuZYacRtg+RE+x4xmx
=INum
-----END PGP SIGNATURE-----

--------------enig8F65C3A1E9F1D2610769384D--