Date: Wed, 06 Jun 2012 10:38:41 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: Bruce Cran <bruce@cran.org.uk> Cc: Jerry <jerry@seibercom.net>, FreeBSD <freebsd-questions@FreeBSD.org> Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? Message-ID: <4FCF2521.6090006@FreeBSD.org> In-Reply-To: <4FCF1891.9020006@cran.org.uk> References: <CADy1Ce7MihpmMowc265%2BS_RKorMO3KEKsCgr=pdnjg2jzq-dYQ@mail.gmail.com> <20120605203717.5663bdf7.freebsd@edvax.de> <Pine.GSO.4.64.1206051653120.5642@nber6> <20120605181055.4af65fdb@scorpio> <4FCF0772.8000609@FreeBSD.org> <4FCF1891.9020006@cran.org.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig8F65C3A1E9F1D2610769384D Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 06/06/2012 09:45, Bruce Cran wrote: > On 06/06/2012 08:32, Matthew Seaman wrote: >> On deeper thought though, the whole idea appears completely unworkable= =2E >> It means that you will not be able to compile your own kernel or >> drivers unless you have access to a signing key. As building your own= >> is pretty fundamental to the FreeBSD project, the logical consequence = is >> that FreeBSD source should come with a signing key for anyone to use. > It just means that anyone wishing to run their own kernels would either= > need to disable secure boot, or purchase/create their own certificate > and install it. Indeed. However disabling secure boot is apparently: * too difficult for users of Fedora * not possible on all platforms (arm based tablets especially) and purchasing your own certificate currently means paying $99 to Microsoft, or else getting a key from the hardware manufacturer (which I very much suspect will not be free either). While I would expect the typical FreeBSD user to be quite capable of disabling secure boot, I know that this is something that will result in realms of questions by new users, alarmist claims that "FreeBSD is not secure" and general glee amongst the "FreeBSD is dying" crowd. This is just another misconceived DRM scheme and suffers from all the same old flaws. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --------------enig8F65C3A1E9F1D2610769384D Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/PJScACgkQ8Mjk52CukIynOgCfUw8ApHCaq1ucLMAQW+FIqNCV mhkAn3d+tD7Q5DOuZYacRtg+RE+x4xmx =INum -----END PGP SIGNATURE----- --------------enig8F65C3A1E9F1D2610769384D--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FCF2521.6090006>