Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 5 Jun 2012 18:10:55 -0400
From:      Jerry <jerry@seibercom.net>
To:        FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Message-ID:  <20120605181055.4af65fdb@scorpio>
In-Reply-To: <Pine.GSO.4.64.1206051653120.5642@nber6>
References:  <CADy1Ce7MihpmMowc265%2BS_RKorMO3KEKsCgr=pdnjg2jzq-dYQ@mail.gmail.com> <20120605203717.5663bdf7.freebsd@edvax.de> <Pine.GSO.4.64.1206051653120.5642@nber6>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 5 Jun 2012 17:00:14 -0400 (EDT)
Daniel Feenberg articulated:

>On Tue, 5 Jun 2012, Polytropon wrote:
>
>> On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote:
>>> UEFI considerations drive Fedora to pay MSFT to sign their kernel
>>> binaries
>>> http://cwonline.computerworld.com/t/8035515/1292406/565573/0/
>>
>> I may reply with another link:
>> http://mjg59.dreamwidth.org/12368.html
>
>I have a pretty basic question that probably displays some ignorance...
>
>Does the loader need to be signed? Once signed, can it load anything,
>or just things MS has approved? If MS signs the kernel, can the kernel
>run anything, or just things MS has approved? If RH has a signed
>kernel, do they have to sign all the userland programs that run under
>that kernel? Can users sign programs compiled from source?
>
>If MS only has to sign the first link in the chain, then the $99 
>certificate is not really a problem except for the pure of heart. If
>MS or someone else has to sign all the way down to the userland
>binaries, then users of FreeBSD will have to turn off secure boot in
>CMOS, and it will lose a few users. But I can't tell from the
>discussions mentioned above. Either way, I don't think it will destroy
>FreeBSD, or Linux, but I would be interested anyway.

I thought this URL <http://mjg59.dreamwidth.org/12368.html>; also shown
above, answered that question.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120605181055.4af65fdb>