|
|
|
| Authored by: Anonymous on Friday, November 23 2012 @ 02:58 PM EST |
I agree, doing nothing won't help the situation either, but
I think with secure boot MS has set the FOSS community a
trap that can't be escaped simply by coding around it; shim
might seem like a pragmatic short-term solution, but having
to rely on MS's largesse each time I want to boot a computer
really doesn't appeal to me at all.
To my mind, a better long-term solution would need someone
company-neutral and widely respected within the FOSS
community to work with the motherboard manufacturers to get
their own keys enrolled at the same level as Microsoft's.
This entity would then do the job of validating and signing
for the rest of the community.
This still wouldn't be an ideal situation, but it would at
least mean we don't have to rely on a company with a well-
known vendetta against Free Software.
The obvious problem with this scheme is who could perform
such a role - one option would be the Linux Foundation, but
I'm not sure if they would have sufficient influence (I
would like to be proved wrong though!). I can't imagine
that the various manufacturers would be interested in adding
keys for each and every distro out there, so I think that
delegating that administration to a central trustworthy
entity would be the best compromise. Having one large,
well-backed entity requesting that their key be enrolled
would hopefully have more sway with the manufacturers - if a
'one for all and all for one deal' could be agreed where a
manufacturer would agree to ship all their secure boot
devices with this key and then their customers could run
Android or Red Hat or Ubuntu etc, then I'm sure that would
be more attractive to them than having to individually work
with each distro. It would also mean that the desirability
of the big name distros could help the smaller distros who
might otherwise by marginalised.
I suspect that we will see some hybrid of both approaches,
where the shim bootloader is used as a stop-gap measure
until something more satisfactory can be negotiated with the
manufacturers. That doesn't mean that I like the idea of
having to get permission to be able to boot my PC.[ Reply to This | Parent | # ]
|
| |
| Authored by: BJ on Friday, November 23 2012 @ 07:07 PM EST |
Had it not been for the time Apple is demanding, in its litigation salvoes
against Linux, in your management of your site, I would NOT have believed this
would do as your best, serious, and complete response to the travesty, to the
stranglehold in broad daylight, with lookers-on, amongst whom governments, that
is UEFI.
UEFI, that itself could well have been a very prominent topic on your site, were
it not (I interpret) for the aforementioned reasons (although, myself, thinking
about priority-levels between these topics, might be hard pressed not to award
somewhat or possibly even a lot more to UEFI [after all, UEFI is a device of
divide and conquer, while in the end Google, and Samsung, will be able to stand
up for themselves neatly]).
In short -- I cannot believe this here is your answer.
bjd
P.S.
Want the header line explained? Prod me!
[ Reply to This | Parent | # ]
|
|
|
|
|
