On 7/29/2012 8:11 AM, Jerry Feldman wrote:
So far RedHat is the only Linux vendor that has signed an agreement with
Microsoft so that Fedora 18 will install out of the box. (A discussion
hs at http://mjg59.dreamwidth.org/12368.html).
Canonical has a proposal for using Intel's efilinux loader, which is
signed, to chain-load an unsigned secondary loader like GRUB2 or an
unsigned kernel image:
https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html
I like Canonical's approach. It retains all of the benefits of the
Secure Boot environment if you want them. It provides a simple
workaround in case an OEM mistakenly ships a computer that can't have
Secure Boot disabled (and this *is* a mistake on x86 according to
Microsoft's Windows 8 sticker requirements). It lets you boot your own
custom kernels and load binary blob drivers as desired without requiring
a signing key of your own. It doesn't compromise the key
infrastructure. Wins all around.
--
Rich P.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
