Re: Half-OT: Secure boot and thirdy party kernel modules

2014-07-15 Thread quickbooks office
So did any of you get it to work? That is signing VirtualBox modules and enabling secure boot in the bios? On Tue, Jul 8, 2014 at 6:20 AM, Sergio Belkin wrote: > > > 2014-07-08 5:47 GMT-03:00 Florian Weimer : > >> On 07/08/2014 10:19 AM, Petr Pisar wrote: >>> >>> On 2014-07-07, Florian Weimer w

Re: Half-OT: Secure boot and thirdy party kernel modules

2014-07-08 Thread Sergio Belkin
2014-07-08 5:47 GMT-03:00 Florian Weimer : > On 07/08/2014 10:19 AM, Petr Pisar wrote: > >> On 2014-07-07, Florian Weimer wrote: >> >>> Note that Microsoft's current policy may not allow unrestricted >>> virtualization (KVM or Virtualbox—does not matter) because that "permits >>> launch of anothe

Re: Half-OT: Secure boot and thirdy party kernel modules

2014-07-08 Thread Florian Weimer
On 07/08/2014 10:19 AM, Petr Pisar wrote: On 2014-07-07, Florian Weimer wrote: Note that Microsoft's current policy may not allow unrestricted virtualization (KVM or Virtualbox—does not matter) because that "permits launch of another operating system instance after execution of unauthenticated

Re: Half-OT: Secure boot and thirdy party kernel modules

2014-07-08 Thread Petr Pisar
On 2014-07-07, Florian Weimer wrote: > Note that Microsoft's current policy may not allow unrestricted > virtualization (KVM or Virtualbox—does not matter) because that "permits > launch of another operating system instance after execution of > unauthenticated code"—the wording is rather unclea

Re: Half-OT: Secure boot and thirdy party kernel modules

2014-07-06 Thread Florian Weimer
On 07/06/2014 07:10 PM, Sergio Belkin wrote: So, the question is: Is it worth signing "my own" kernel? Only if you keep your own key on a sufficiently separated machine, otherwise it's equivalent to disabling Secure Boot anyway. It's also not clear if the Virtualbox kernel modules themselves

Re: Half-OT: Secure boot and thirdy party kernel modules

2014-07-06 Thread Matthew Garrett
On Sun, Jul 06, 2014 at 02:10:45PM -0300, Sergio Belkin wrote: > I've found that Oracle VirtualBox kernel module are not signed so I have to > disable secure boot. Oracle says that is not a VirtualBox bug. And Fedora > cannot sign it because of license, can it? Correct. You can generate your own

Half-OT: Secure boot and thirdy party kernel modules

2014-07-06 Thread Sergio Belkin
Hi Fedora folks, I've found that Oracle VirtualBox kernel module are not signed so I have to disable secure boot. Oracle says that is not a VirtualBox bug. And Fedora cannot sign it because of license, can it? So, the question is: Is it worth signing "my own" kernel? Of course I can circunvent th