|
|
|
| Authored by: jbb on Friday, March 01 2013 @ 11:28 PM EST |
| That's fine if you are creating everything yourself (like Linus) but don't you
see a need for being able to trust someone besides yourself or Microsoft? ISTM
that is what MG is talking about.
The idea is that you can put your
distro's public key into your firmware and then the system will only trust code
signed by the distro's private key. You can add your own key so the system
will trust anything by your distro and anything you sign yourself.
Even if you
don't want to use such a solution yourself, can't you see that there might be a
large and legitimate demand for something like this?
In order for this to
happen, the kernel needs to copy (and use) keys from the firmware. This is what
Linus is objecting to. As long as the user/owner has control of those keys I
don't see what the problem is.
---
Our job is to remind ourselves that
there are more contexts
than the one we’re in now — the one that we think is reality.
-- Alan Kay [ Reply to This | Parent | # ]
|
- No - Authored by: Anonymous on Saturday, March 02 2013 @ 03:44 PM EST
- No - Authored by: PJ on Saturday, March 02 2013 @ 04:25 PM EST
- Here is a link that might help..... - Authored by: dacii on Saturday, March 02 2013 @ 06:21 PM EST
- No - Authored by: AntiFUD on Saturday, March 02 2013 @ 06:38 PM EST
- No - Authored by: PJ on Saturday, March 02 2013 @ 09:26 PM EST
- No - Authored by: Wol on Saturday, March 02 2013 @ 08:01 PM EST
- No - Authored by: PJ on Saturday, March 02 2013 @ 09:25 PM EST
- Yes - Authored by: Anonymous on Saturday, March 02 2013 @ 09:46 PM EST
- Yes - Authored by: PJ on Sunday, March 03 2013 @ 01:39 AM EST
- Yes - Authored by: Anonymous on Sunday, March 03 2013 @ 02:53 AM EST
- LVM - Authored by: artp on Saturday, March 02 2013 @ 11:18 PM EST
- No - Authored by: Anonymous on Sunday, March 03 2013 @ 02:01 PM EST
- USB disks, Knoppix and DD - Authored by: cricketjeff on Sunday, March 03 2013 @ 04:53 PM EST
- imho, dont use lvm on laptops - Authored by: Anonymous on Monday, March 04 2013 @ 07:58 AM EST
- I agree with you - Authored by: jbb on Sunday, March 03 2013 @ 07:54 AM EST
- I agree with you - Authored by: Anonymous on Sunday, March 03 2013 @ 03:30 PM EST
- I agree with you - Authored by: Anonymous on Sunday, March 03 2013 @ 11:16 PM EST
- It has to be user-specific keys. - Authored by: cassini2006 on Sunday, March 03 2013 @ 04:04 PM EST
| |
| Authored by: Anonymous on Saturday, March 02 2013 @ 07:20 AM EST |
| Agreed, "This is all a huge waste of time.". [ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Saturday, March 02 2013 @ 01:58 PM EST |
b) To deliver a computer that ... Microsoft trusts, such that you
can't steal their precious DRM protected products.
From what I
understand, the primary way of pirating MS Windows 7 currently is to run a shim
loader that in turn loads Windows 7 and satisfies all its copy protection
checks. A computer that only uses UEFI secure boot would prevent that as
the shim loader would either not be signed in the first place, or could be black
listed later (as part of a Windows update). That would lock down PCs to the same
degree as consoles.
At the moment, UEFI is optional on x86 PCs. That
however is because MS Windows XP is still under official support and still
widely used in business, so there has to be some transition period where PCs
will support both traditional BIOS and UEFI secure boot.
After Windows
XP is out of support and business use has dropped to negligible levels (one will
follow the other quite closely), then there will be no need for traditional
BIOS. MS Windows Vista has already been airbrushed out of the official Microsoft
history like Stalin's colleagues were from party photographs, so it doesn't
matter. Once Windows XP is gone, Microsoft can change the requirements for
Windows 9 or Windows 10 to require that only UEFI secure boot is
possible. At that point, PCs will be locked down like game
consoles.
Indeed there may be no need for Microsoft to officially
require PCs makers to stop supporting "unlocked" PCs. Once Microsoft no longer
make it an official requirement that Pcs can be unlocked, the PC makers will
delete that firmware themselves as a cost saving. Either that, or those
functions simply won't work because nobody at the PC makers will care enough
about them to make them work. There are already PCs on the market which
will not boot most Linux distros even if the PC is unlocked because the boot
firmware menu checks to only allow either Microsoft Windows or Red Hat Linux.
In the long run, the only guaranty that desktop and laptop computers
will be able to boot Linux is if there are enough people using it to make it a
worthwhile market for at least some vendors and if there is an alternative
firmware available that is easy to install. If that doesn't happen, then the
only way you will be able to use Linux in future is on a server, tablet, or
phone.
[ Reply to This | Parent | # ]
|
|
|
|
|
