On 06/15/2012 06:57 AM, Chí-Thanh Christopher Nguyễn wrote: > Greg KH schrieb: >> So, anyone been thinking about this? I have, and it's not pretty. >> >> Should I worry about this and how it affects Gentoo, or not worry about >> Gentoo right now and just focus on the other issues? >> >> Minor details like, "do we have a 'company' that can pay Microsoft to >> sign our bootloader?" is one aspect from the non-technical side that I've >> been wondering about. > > For the current crop of hardware, it is probably sufficient to add a > paragraph to the handbook which tells the user to disable secure boot. > > Getting users' self-compiled boot loaders signed with a Gentoo key is > probably infeasible. > > If you have influence on UEFI secure boot spec, you could suggest that > they mandate a UI which lists all boot images known to the EFI boot > manager, and the user can easily whitelist both individual loaders and > the keys used to sign them. >
That would be a good compromise. -- Luca Barbato Gentoo/linux http://dev.gentoo.org/~lu_zero
