

SUSE details its EFI Secure Boot plans - mrud
http://www.h-online.com/open/news/item/SUSE-details-its-Secure-Boot-plans-1664699.html

======
dsr_
I don't actually care how elegant and wonderful this method of preventing me
from booting what I want to boot on my paid-for hardware is.

I reiterate: once you pay the Danegeld, you can't get rid of the Dane.

(My apologies to current residents of Denmark: it's a thousand year old
historical reference.)

~~~
ajross
Sure, but the practical truth is that the Dane is here to stay anyway because
all your neighbors already paid him off.

Secure boot isn't going away. It has some value to consumers (albeit not
nearly as much as some people want to think). So we have to live with it as
best as we can. The Fedora/SUSE compromise (load a shim which then checks a
signature for the real bootloader) seems straightforward. The Ubuntu one (sign
a shim that will load anything) is preferable to me personally, but IMHO isn't
likely to survive as it's basically a security hole by definition.

~~~
yock
Is it really a security hole? Or does it just get us as close as possible to
where we are now?

~~~
mjg59
It permits the circumvention of the entire process, so if you think there's
any security then it's a security hole.

