From owner-freebsd-questions@FreeBSD.ORG Wed Jun 6 09:46:39 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 692D81065673; Wed, 6 Jun 2012 09:46:39 +0000 (UTC) (envelope-from m.e.sanliturk@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 143978FC0C; Wed, 6 Jun 2012 09:46:38 +0000 (UTC) Received: by obcni5 with SMTP id ni5so13066899obc.13 for ; Wed, 06 Jun 2012 02:46:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=V2BUCtKXTV/jD2tKAnqijJWazS+7I5Cp4NMWEd+yHds=; b=joTL/g9p5IEm3iS+QrkE2A3kkbeYkB050UbOiDl7fdU+N/MnePSWa5oIP/rd4no+Cu wR/3qXr3a27KbVt0zaK3tmsYrKRYLFXNeEpld/ct77zI/OnP0oypMsYkJL4tu7yURUow Bw8633TJZntOn7EIwy8FQiyHZ11NRjaPLFpP35PVTpbcBKq6Xppf6/Z8cMnVuEs4hOx6 BtEueBtzzUp+vM50r4C0cmjQ5O4zYPPuxMfWZUmvemNm5j894cypUQM877yqjc316hCc yj8SVnaFezIYV5KffDCFId/5Z0ToW5T0zB79tyR5WQYffg/pAzA/52pPLQ5hhI/5amlo fZWA== MIME-Version: 1.0 Received: by 10.60.20.70 with SMTP id l6mr20050512oee.38.1338975998517; Wed, 06 Jun 2012 02:46:38 -0700 (PDT) Received: by 10.182.53.1 with HTTP; Wed, 6 Jun 2012 02:46:38 -0700 (PDT) In-Reply-To: <4FCF2521.6090006@FreeBSD.org> References: <20120605203717.5663bdf7.freebsd@edvax.de> <20120605181055.4af65fdb@scorpio> <4FCF0772.8000609@FreeBSD.org> <4FCF1891.9020006@cran.org.uk> <4FCF2521.6090006@FreeBSD.org> Date: Wed, 6 Jun 2012 02:46:38 -0700 Message-ID: From: Mehmet Erol Sanliturk To: Matthew Seaman Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Bruce Cran , Jerry , FreeBSD Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jun 2012 09:46:39 -0000 On Wed, Jun 6, 2012 at 2:38 AM, Matthew Seaman wrote: > On 06/06/2012 09:45, Bruce Cran wrote: > > On 06/06/2012 08:32, Matthew Seaman wrote: > >> On deeper thought though, the whole idea appears completely unworkable. > >> It means that you will not be able to compile your own kernel or > >> drivers unless you have access to a signing key. As building your own > >> is pretty fundamental to the FreeBSD project, the logical consequence is > >> that FreeBSD source should come with a signing key for anyone to use. > > > It just means that anyone wishing to run their own kernels would either > > need to disable secure boot, or purchase/create their own certificate > > and install it. > > Indeed. However disabling secure boot is apparently: > > * too difficult for users of Fedora > > * not possible on all platforms (arm based tablets especially) > > and purchasing your own certificate currently means paying $99 to > Microsoft, or else getting a key from the hardware manufacturer (which I > very much suspect will not be free either). > > While I would expect the typical FreeBSD user to be quite capable of > disabling secure boot, I know that this is something that will result in > realms of questions by new users, alarmist claims that "FreeBSD is not > secure" and general glee amongst the "FreeBSD is dying" crowd. > > This is just another misconceived DRM scheme and suffers from all the > same old flaws. > > Cheers, > > Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. > PGP: http://www.infracaninophile.co.uk/pgpkey > > > http://www.infoworld.com/t/hacking/tech-behind-flame-attack-could-compromise-microsoft-update-194867 Thank you very much . Mehmet Erol Sanliturk