[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-promo
Subject:    Re: [kde-promo] Secure boot
From:       Pau Garcia i Quiles <pgquiles () elpauer ! org>
Date:       2011-10-20 14:52:06
Message-ID: CAKcBoku8JGvSObP3_EvRXpAR=D-5A8x4tWFr0OT_dydPCmMdgg () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi,

I've expanded my answer below in a blog post:

http://www.elpauer.org/?p=1056



On Thu, Oct 20, 2011 at 4:06 PM, Pau Garcia i Quiles
<pgquiles@elpauer.org>wrote:

> Hi,
>
> IMHO this is not Microsoft's fault.
>
> The UEFI secure boot standard should have defined an organization (a
> "Secure Boot Certification Authority") that would issue and/or receive
> certificates from organizations/companies (Red Hat, Oracle, Ubuntu,
> Microsoft, Apple, etc) that want their binaries signed. This SBCA would also
> be in charge of verifying the background of those organizations. There is
> actually no need for a new organization: just use an existing one, such as
> Verisign, that carries on with this task for Microsoft for kernel-level
> binaries ("AuthentiCode").
>
> Given that there is no Secure Boot Certification Authority, Microsoft asked
> BIOS (UEFI) developers and manufacturers to include their certificates,
> which looks 100% logical to me. The fact that Linux distributions do not
> have such power is unfortunate, but it is not Microsoft's fault.
>
> Now: solutions? Given its strong ties with Intel, AMD and others, maybe The
> Linux Foundation could start a task force and a "Temporary Secure Boot
> Certification Authority", and act as a proxy for minorities such as Linux,
> BSD, etc distributions. IMHO this is our best chance to get something done
> in a reasonable amount of time. Complaining will not get us anything. We
> need to propose solutions.
>
>
>
>
> On Thu, Oct 20, 2011 at 3:09 PM, Agustin <toscalix@gmail.com> wrote:
>
>> Hi,
>>
>> I've received the last few days several mails related with Microsoft
>> strategy to deliver secure boot implemented in a way that adds restrictions
>> for installing free software based distros.
>>
>> Is this being discussed in Kde? Where?
>>
>>
> --
> Pau Garcia i Quiles
> http://www.elpauer.org
> (Due to my workload, I may need 10 days to answer)
>



-- 
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)

[Attachment #5 (text/html)]

Hi,<br><br>I&#39;ve expanded my answer below in a blog post:<br><br><a \
href="http://www.elpauer.org/?p=1056">http://www.elpauer.org/?p=1056</a><br><br><br><br><div \
class="gmail_quote">On Thu, Oct 20, 2011 at 4:06 PM, Pau Garcia i Quiles <span \
dir="ltr">&lt;<a href="mailto:pgquiles@elpauer.org">pgquiles@elpauer.org</a>&gt;</span> \
wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex;">Hi,<br><br>IMHO this is not Microsoft&#39;s \
fault.<br><br>The UEFI secure boot standard should have defined an organization (a \
&quot;Secure Boot Certification Authority&quot;) that would issue and/or receive \
certificates from organizations/companies (Red Hat, Oracle, Ubuntu, Microsoft, Apple, \
etc) that want their binaries signed. This SBCA would also be in charge of verifying \
the background of those organizations. There is actually no need for a new \
organization: just use an existing one, such as Verisign, that carries on with this \
task for Microsoft for kernel-level binaries (&quot;AuthentiCode&quot;).<br>


<br>Given that there is no Secure Boot Certification Authority, Microsoft asked BIOS \
(UEFI) developers and manufacturers to include their certificates, which looks 100% \
logical to me. The fact that Linux distributions do not have such power is \
unfortunate, but it is not Microsoft&#39;s fault. <br>


<br>Now: solutions? Given its strong ties with Intel, AMD and others, maybe The Linux \
Foundation could start a task force and a &quot;Temporary Secure Boot Certification \
Authority&quot;, and act as a proxy for minorities such as Linux, BSD, etc \
distributions. IMHO this is our best chance to get something done in a reasonable \
amount of time. Complaining will not get us anything. We need to propose \
solutions.<div>

<div></div><div class="h5"><br>
<br><br><br><div class="gmail_quote">On Thu, Oct 20, 2011 at 3:09 PM, Agustin <span \
dir="ltr">&lt;<a href="mailto:toscalix@gmail.com" \
target="_blank">toscalix@gmail.com</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">


Hi,<br>
<br>
I&#39;ve received the last few days several mails related with Microsoft strategy to \
deliver secure boot implemented in a way that adds restrictions for installing free \
software based distros.<br> <br>
Is this being discussed in Kde? Where?<br>
<br clear="all"></blockquote></div><br></div></div><font color="#888888">-- <br>Pau \
Garcia i Quiles<br><a href="http://www.elpauer.org" \
target="_blank">http://www.elpauer.org</a><br>(Due to my workload, I may need 10 days \
to answer)<br>


</font></blockquote></div><br><br clear="all"><br>-- <br>Pau Garcia i Quiles<br><a \
href="http://www.elpauer.org">http://www.elpauer.org</a><br>(Due to my workload, I \
may need 10 days to answer)<br>



_______________________________________________
This message is from the kde-promo mailing list.

Visit https://mail.kde.org/mailman/listinfo/kde-promo to unsubscribe, set digest on \
or temporarily stop your subscription.



[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic