On Fri, Mar 1, 2013 at 11:15 PM, jdow <[email protected]> wrote: > On 2013/03/01 09:26, Tom H wrote: >> On Thu, Feb 28, 2013 at 7:08 PM, jdow <[email protected]> wrote: >>> On 2013/02/28 11:56, Tom H wrote: >>>> On Thu, Feb 28, 2013 at 2:38 PM, Robert Blair <[email protected]> wrote: >>>>> On 02/28/2013 01:35 PM, Tom H wrote: >>>>>> >>>>>> I wouldn't be surprised if SB became "un-disable-able" in the next >>>>>> few years. We'd then have to use an MS-signed shim to boot, as is >>>>>> now the case with the default Fedora and Ubuntu SB setups. >>>>> >>>>> Maybe I've missed something here. If a generic "MS signed shim" is >>>>> available what value does this add? Wouldn't such a shim make booting >>>>> anything alternative possible? >>>> >>>> I'm sorry. It's not as generic as I made it look. AIUI, the shim is a >>>> basic stage 1 (or maybe stage 0.5) bootloader whose signature's >>>> validated against an MS key in the computer's ROM. Grub and the kernel >>>> (and its modules in Fedora's case but not in Ubuntu's) are then >>>> validated against a Fedora key in the shim. >>> >>> Which is the end of compiling your own code. >> >> You mean "compiling your own kernel without spending a one-time fee of USD >> 99." > > A difference which makes no practical difference is no difference at all.
Of course there's a difference. It's grub and the kernel and its modules that you can't compile without signing.
