On Fri, Jun 22, 2012 at 12:04:29PM +0100, Steve Langasek wrote: (snip)
> we have not been able to find legal guidance that we wouldn't then be
> required by the terms of the GPLv3 to disclose our private key in
> order that users can install a modified boot loader.

Have you talked to the FSF about their position on this? They're the sole copyright holder of grub 2, so any position they'd publicly take would be pretty relevant in terms of potential legal action.

> Therefore, we will only be requiring authentication of boot loader
> binaries. Ubuntu will not require signed kernel images or kernel
> modules.

How are you going to prevent your bootloader from being used to launch a trojaned Fedora kernel, for instance? This is the kind of decision that doesn't just affect Ubuntu, it has ramifications for the security model that other distributions use. This makes it impossible to implement any kind of signed userspace unless the user explicitly revokes the Ubuntu bootloader first or uses their own trust chain.

> As announced earlier today, we've generated an Ubuntu signing key for
> use with UEFI. The private half of this key will be stored securely on
> our Launchpad infrastructure, which will be responsible for signing boot
> loader images and distributing them in the Ubuntu archive.

I'm not fully clear on this. If the bootloaders you distribute in the archive will be signed with your key, how do you get your key installed on existing systems? Or will there be two bootloader packages, one signed by Microsoft and one signed by you, with the first chaining to the second?

--
Matthew Garrett | mj...@srcf.ucam.org