On Mon, Oct 23, 2017 at 10:50:54AM +0100, Simon Hobson wrote:
> KatolaZ <kato...@freaknet.org> wrote:
>
> > And what if you want to use your own unsigned bootloader? Why should
> > you ask someone else the permission to boot your own machine? o_O
>
> Two ways :
> 1) You simply turn off secure boot and it'll boot your unsigned binary. If
> your machine doesn't have that then it's a bug and you should complain to the
> retailer - and return the machine (which by now is not in a re-sellable
> condition) as not fit for purpose (you did mention the need to boot unsigned
> binaries when buying it didn't you ?) AIUI, part of MS's specs for
> manufacturers is that they allow secure boot to be disabled - precisely to
> head off the "this machine can only run Windows, monopoly abuse, ..."
> arguments.
>
> 2) You create your own key, install that in the system, and sign your binary
> with that key. This means that the machine will still boot Windows 8+ which
> won't otherwise boot.
> Again, if the machine won't allow the installation of your own key then
> that's a bug - it's (AIUI) part of the UEFI spec to allow keys to be added.
>
> [U]EFI in itself isn't all that bad - what some manufacturers do with it, and
> the hash they make of it, is often bad.
>

The problem is that, AFAIK, the norm for many producers is to allow 1)
and disallow 2) so far. But again, I have no extensive experience
here, so will revert back to silence ;)

HND

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng