On Wed, Jun 27, 2012 at 08:35:35AM +0200, AL13N wrote: > I thought they were planning on signing all the stuff after grub2 as well? > > I have no trouble having signed bootloader. but i would prefer it to be from > a > completely free CA. ie: NOT from microsoft.
Then you need to convince all the hardware manufacturers to put your key in their hardware, as explained in the blogpost. Seems really unlikely to happen. > above signing from microsoft, I would even prefer to have a documentation > that > requests to disable Secure Boot, then generate your own key and adding that, > and then setting up Secure Boot again, with your own personal signed stuff. Thought disabling secure boot means first booting? > of course, if there was an independant org that had it's CA in all hardware, > and signed all free OSes, that would be alot better. There is none. -- Regards, Olav
