
List:       centos
Subject:    Re: [CentOS] Boot failed on latest CentOS 7 update
From:       John Pierce <jhn.pierce () gmail ! com>
Date:       2020-08-02 18:54:51
Message-ID: CAJnkzX+oHDmMZEdkQJCCpqqXcx1TSNLLFwn4v5U5r-sG4y6vAQ () mail ! gmail ! com

On Sun, Aug 2, 2020 at 11:45 AM Phil Perry <pperry@elrepo.org> wrote:

> On 02/08/2020 16:26, Valeri Galtsev wrote:
> >
> > On a side note: it is Microsoft that signs one of the Linux packages now.
> > We seem to have made one more step away from "our" computers being _our
> > computers_. Am I wrong?
> >
> > Valeri
> >
>
> Microsoft are the Certificate Authority for SecureBoot and most
> SB-enabled hardware (most x86 hardware) comes with a copy of the
> Microsoft key preinstalled allowing binaries that are signed by
> Microsoft to work. In the case of Linux, that is the shim which becomes
> the root of trust to load everything else. If you are not happy with
> that you can always become your own certificate authority by generating
> your own keys, install your signing keys in the hardware's firmware (MOK
> list) and sign stuff yourself to use on your own machine(s).
>
> However if you wish to distribute stuff to others and have it work
> seamlessly on hardware outside of your direct control and without the
> need for every user to import your CA SecureBoot signing key into the
> MOK list on every device, you would rely on Microsoft to sign SB related
> content.
>
>
Now, does Microsoft have to sign each released module themselves, or will
they issue a CA cert to an authorized OS creator, like RH, then let RH
sign their own modules?

E.g., Microsoft RootCA -> Signed Package
vs.   Microsoft RootCA -> RH Child CA -> Signed Package ....





-- 
-john r pierce
  recycling used bits in santa cruz