Date: Wed, 6 Jun 2012 06:24:37 -0400
From: Jerry <jerry@seibercom.net>
To: FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Message-ID: <20120606062437.41f48a9e@scorpio>
In-Reply-To: <4FCF2521.6090006@FreeBSD.org>
References: <CADy1Ce7MihpmMowc265%2BS_RKorMO3KEKsCgr=pdnjg2jzq-dYQ@mail.gmail.com> <20120605203717.5663bdf7.freebsd@edvax.de> <Pine.GSO.4.64.1206051653120.5642@nber6> <20120605181055.4af65fdb@scorpio> <4FCF0772.8000609@FreeBSD.org> <4FCF1891.9020006@cran.org.uk> <4FCF2521.6090006@FreeBSD.org>

On Wed, 06 Jun 2012 10:38:41 +0100
Matthew Seaman articulated:

>On 06/06/2012 09:45, Bruce Cran wrote:
>> On 06/06/2012 08:32, Matthew Seaman wrote:
>>> On deeper thought though, the whole idea appears completely
>>> unworkable. It means that you will not be able to compile your own
>>> kernel or drivers unless you have access to a signing key. As
>>> building your own is pretty fundamental to the FreeBSD project, the
>>> logical consequence is that FreeBSD source should come with a
>>> signing key for anyone to use.
>
>> It just means that anyone wishing to run their own kernels would
>> either need to disable secure boot, or purchase/create their own
>> certificate and install it.
>
>Indeed. However disabling secure boot is apparently:
>
> * too difficult for users of Fedora
>
> * not possible on all platforms (arm based tablets especially)
>
>and purchasing your own certificate currently means paying $99 to
>Microsoft, or else getting a key from the hardware manufacturer (which
>I very much suspect will not be free either).

I think you are in error there, Matthew. From what I have read, the $99
goes to Verisign, not Microsoft - further, once paid, you can sign as
many binaries as you want.

>While I would expect the typical FreeBSD user to be quite capable of
>disabling secure boot, I know that this is something that will result
>in realms of questions by new users, alarmist claims that "FreeBSD is
>not secure" and general glee amongst the "FreeBSD is dying" crowd.
>
>This is just another misconceived DRM scheme and suffers from all the
>same old flaws.

I don't feel this is misconceived at all. Again, from what I have read,
most non-Microsoft operating systems have been able to use UEFI Secure
Boot for nearly eight years; however, they have actively refused to do
so. However, now Microsoft has stepped up to the plate and is actively
taking advantage of the scheme. Actually, Microsoft has been issuing
warnings for ten years when a user would attempt to install unsigned
drivers. Now the FOSS community is getting its knickers in a knot. They
should have taken this into account a long time ago.

In any case, we are talking $99 dollars total, not per user here for
the certificate. If that is going to cause a problem, I'll donate the
$99.

In any case, the real problem appears to be how FreeBSD is going to
handle drivers which apparently will need to be signed since they work
at the kernel level. Apparently Fedora has a working solution for that
already.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.