[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-devel-list
Subject: Re: future of dual booting Windows and Fedora, redux
From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= <berrange () redhat ! com>
Date: 2022-07-29 12:05:22
Message-ID: YuPNAtw5mHQ0/+ZY () redhat ! com
[Download RAW message or body]
On Fri, Jul 29, 2022 at 01:52:28PM +0200, Florian Weimer wrote:
> * Daniel P. Berrangé:
>
> >> Unfortunately, Fedora promoted this broken model with pervasive
> >> cross-distribution/cross-OS trust as well. People are generally quick
> >> to criticize those who control a PKI, but very few organizations are
> >> willing to step up to hold the key material for the key of last resort
> >> because of the risk inherent to that. Consequently, pretty much all
> >> distributions hide behind the Microsoft key, instead of running their
> >> own PKI and working with OEMs to get it accepted by the firmware.
> >
> > Would the situation actually be any different in that case ? Assume
> > an alternate reality where hardware OEMs magically agreed to pre-install
> > 20 different keys for the various Linux vendors.
> >
> > You still have the same "problem" that you're running 1 specific vendor's
> > OS, but your firmware trusts the software from countless different
> > unrelated vendors for SecureBoot.
>
> No, in this model, if you buy a Fedora server, it only boots Fedora
> until manual intervention. I don't think this is a problem because
> Secure Boot with that very open signing policy is not very far from
> disabled Secure Boot.
Ah, so you mean getting the OEMs to preload the Linux OS distro
of choice, not merely preloading a distro's SecureBoot keys.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic