<div dir="ltr">Setting aside the amusing political debates and going back to the original topic - what's the actual status of the UEFI boot issue?<br><br>(Following up on the link from Tzafrir's post:<a href="http://mjg59.dreamwidth.org/6503.html" target="_blank"> http://mjg59.dreamwidth.org/6503.html</a>, see my comments below )<br>
<br><div class="gmail_quote">On Mon, Oct 24, 2011 at 1:56 AM, Amos Shapira <span dir="ltr"><<a href="mailto:amos.shapira@gmail.com">amos.shapira@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
On 23 October 2011 22:06, geoffrey mendelson<br>
<div class="im"><<a href="mailto:geoffreymendelson@gmail.com">geoffreymendelson@gmail.com</a>> wrote:<br>
><br>
> On Oct 23, 2011, at 12:28 PM, Shlomi Fish wrote:<br>
>><br>
>> The Free Software Foundation started a campaign called “Stand up for your<br>
>> freedom to install free software!” about Microsoft's plan to enforce<br>
>> “Secure Boot” in the installations of Windows 8, which will prevent people<br>
>> from being able to boot into GNU/Linux, one of the BSD variants, or other<br>
>> operating systems. You can sign it here:<br>
>><br>
>> <a href="http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement" target="_blank">http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement</a><br>
><br>
><br>
> It's pure FUD.<br>
> "we are concerned that Microsoft and hardware manufacturers will implement<br>
> these boot restrictions in a way that will prevent users from booting<br>
> anything other than Windows."<br>
><br>
> Not that they are, or saying they will, or even hinted they will.<br>
<br>
</div>I didn't follow the detail but a few weeks ago this made a noise on<br>
Slashdot and as far as I'm aware Microsoft issued a statement which<br>
calmed down the activists and it became a none-issue. I didn't follow<br>
it closely so I might be wrong.<br>
<div class="im"><br></div></blockquote><div><br></div>Can you help locating the MS statement that you describe?<br></div><br>Some relevant details, described in Mathew Garett's post (thanks Tzafrir for the link), and some of the replies there: <br>
<br>1. Problems with the proposed UEFI boot standard boil down to the fact that it lacks any means to allow the *owner of the hardware* to edit the list of trusted keys (load new keys, delete old ones).<br><br>2. It seems to me that some aspects of this are in fact a security issue, which should also be in the interest of Microsoft to solve (e.g. they would probably want some means to recover in case one of their keys get stolen).<br>
<br>3. Some solution to the problem (a mechanism for loading keys from specially formatted removable media) will be (is being) suggested by Garrett to UEFI during this week's "plugfest" <a href="http://www.uefi.org/events/">http://www.uefi.org/events/</a><br>
<br>4. Readers of this group should be interested to know that this solution (whatever other advantages/disadvantages it might have) would allow you to end up being able to boot kernels (or bootloaders) that you compiled yourself and signed with your own private key.<br>
<br>Hence: if that MS statement contained some indication that Microsoft would support such a solution, indeed I see no serious reason to worry.<br>Either way, we should follow closely for reports from the plugfest conclusions next week.<br>
<br> AA<br><br></div>