Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> As for distro users being restricted, read the referenced blog post, stuff like no non-fedora signed kernel modules, no custom kernels

That's just misinformed FUD. The shim bootloader allows user to enroll her own keys, which allows her to boot to whatever code she wants. So installing your custom kernel might require extra step or two, but it's certainly not being entirely restricted from users.

From my point of view the signing requirements are added in the spirit of "if we are going to support SB, lets at least do something useful with it", and not as you put it "to prevent windows from being "compromised"".



it is absolutely not misinformed FUD, fedora is not using the linux foundation bootloader.

Please read http://mjg59.dreamwidth.org/12368.html its the best document detailing the changes they are putting into place.


> fedora is not using the linux foundation bootloader.

I'm very well aware of that. Here is another post from mjg59's blog that you might find enlightening:

http://mjg59.dreamwidth.org/18945.html

Especially the sections "Providing user control over trust" and "Providing user control over signature verification". A highlight for you:

Anything signed with the user's key will then be trusted.

edit: Here is another link detailing the shim bootloader mechanism:

http://mjg59.dreamwidth.org/20303.html




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: