Is this something we (as consumers of FreeBSD) need to be aware
of?
Jerry
jerry at seibercom.net
Tue Jun 5 22:10:59 UTC 2012
On Tue, 5 Jun 2012 17:00:14 -0400 (EDT)
Daniel Feenberg articulated:
>On Tue, 5 Jun 2012, Polytropon wrote:
>
>> On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote:
>>> UEFI considerations drive Fedora to pay MSFT to sign their kernel
>>> binaries
>>> http://cwonline.computerworld.com/t/8035515/1292406/565573/0/
>>
>> I may reply with another link:
>> http://mjg59.dreamwidth.org/12368.html
>
>I have a pretty basic question that probably displays some ignorance...
>
>Does the loader need to be signed? Once signed, can it load anything,
>or just things MS has approved? If MS signs the kernel, can the kernel
>run anything, or just things MS has approved? If RH has a signed
>kernel, do they have to sign all the userland programs that run under
>that kernel? Can users sign programs compiled from source?
>
>If MS only has to sign the first link in the chain, then the $99
>certificate is not really a problem except for the pure of heart. If
>MS or someone else has to sign all the way down to the userland
>binaries, then users of FreeBSD will have to turn off secure boot in
>CMOS, and it will lose a few users. But I can't tell from the
>discussions mentioned above. Either way, I don't think it will destroy
>FreeBSD, or Linux, but I would be interested anyway.
I thought this URL <http://mjg59.dreamwidth.org/12368.html> also shown
above, answered that question.
--
Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
More information about the freebsd-questions
mailing list