On 06/12/2012 01:11 PM, Gregory Maxwell wrote: > Let me make this more clear: People in this thread have been saying > that instructions can't be created because the hardware is not > available to the public yet. However, the people working this stuff > actually do have access to UEFI secureboot hardware. I presumed this > was under NDA, because none of them were stepping up to say "no, > actually I do have the hardware".
Reference UEFI x86 hardware exists, but it is reference hardware, and has not yet been abused horribly by an OEM. It will look nothing like that when it gets to you, and the way that a bootloader interacts with UEFI isn't affected at all by that, which is why we can implement that bootloader and test it on the reference hardware. Keep in mind that while BIOS looks like an 8bit text adventure game, UEFI is a graphical UI, and each OEM is going to want to provide "value add" and customize it for you to leave no doubt what sort of hardware you're running. We have no clue what the OEMs will do to the interface. > The idea that the firmware is complete enough to build and test the > cryptographic lockdown but not complete enough to make write > instructions against simply didn't occur to me. And with that > thought in mind I think it's even more sad that the Fedora community > isn't focusing primarily on making instructions _now_ while there may > still be an opportunity to encourage making those yet unwritten > interfaces easy and consistent. We can't write instructions on the reference hardware, because it wouldn't be useful, and I believe it may violate NDAs if we were to do so. (I haven't signed any NDAs in this space personally, although, I'm quite sure Red Hat has. I can't tell you anything that would violate the NDA either, because I don't have the reference hardware, nor have I touched/used it. I merely know that it does exist, which you could have figured out with the right set of Google keywords.) ~tom == Fedora Project -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
