Re: [RFC] Second attempt at kernel secure boot support

From: Eric W. Biederman
Date: Fri Nov 02 2012 - 20:47:15 EST

Next message: Alan Cox: "Re: setting up CDB filters in udev (was Re: [PATCH v2 0/3] block:add queue-private command filter, editable via sysfs)"
Previous message: Jesse Barnes: "Re: [PATCH 1/2] PM: make VT switching to the suspend console optional"
In reply to: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Alan Cox: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Matthew Garrett <mjg59@xxxxxxxxxxxxx> writes:

> On Fri, Nov 02, 2012 at 03:03:02PM -0700, Eric W. Biederman wrote:
>
>> I don't want my system p0wned in the first place and I don't want to run
>> windows. Why should I trust Microsoft's signing key?
>
> There's no reason to. Systems that don't trust Microsoft's signing key
> have no reason to be concerned about Microsoft revocation.
> Unfortunately, that's not the only set of people we have to worry
> about.

No reason to? How can I configure an off the shelf system originally
sold with windows 8 installed to boot in UEFI secure boot mode using
shim without trusting Microsoft's key?

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: setting up CDB filters in udev (was Re: [PATCH v2 0/3] block:add queue-private command filter, editable via sysfs)"
Previous message: Jesse Barnes: "Re: [PATCH 1/2] PM: make VT switching to the suspend console optional"
In reply to: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Alan Cox: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]