* Neal Gompa: > None of this had to be this way. It is so by our own inaction, not by > the action of Microsoft.
I agree. No one but Microsoft stepped up and was willing to control the key material. I still wish we went the way of documenting how to disable Secure Boot in commonly used firmware implementations. Secure Boot does not offer any benefit to a platform designed to be as malleable as Fedora is. I tried to start that documentation, but I got the distinct impression it was unwanted. Instead run-time disabling of Secure Boot support without reboot comes and goes, particularly in downstream kernels. Kernel modules are such an important diagnostic tool, and not everyone plans ahead and disables Secure Boot in case they need to load kernel modules later. >> And for the record, my computer's UEFI firmware is so old that >> "Secure Boot" cannot even be enabled at all, even if I wanted to. > > Meh. That means your computer was made before Microsoft started having > vendors require UEFI firmware to include their keys for Windows > certification (which was in 2006/2007). I'm surprised it still works. > More power to you, I guess? Last time I checked this, the Microsoft keys required for Windows certification were not those used to sign third-party binaries like the Fedora shim (the “Microsoft Corporation Third Party Marketplace Root”). You could see the difference in Hyper-V configurations, where the default Secure Boot configuration cannot boot Fedora. Thanks, Florian -- Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
