Re: [GIT PULL] Load keys from signed PE binaries

From: Matthew Garrett
Date: Tue Feb 26 2013 - 14:41:41 EST

On Tue, Feb 26, 2013 at 08:30:17PM +0100, Florian Weimer wrote:

> I'm sure many folks have read <>
> ("Implementing UEFI Secure Boot in Fedora", 2012-30-05) and similar
> analysis and came away with the impression of a rather open, automated
> signing process, like we had/have for ActiveX controls and Java
> Webstart applications. This may have helped to increase acceptance of
> Microsoft Secure Boot in the technical community. But lately, in
> direct contradiction to earlier descriptions of the process, a lot of
> talk about "obligations" has appeared. I understand that you cannot
> go into specifics, but this situation is rather unfortunate for all of
> us.

It's open. If your code ends up signed and is then used to compromise
the security of other signed operating systems, you're likely to be
blacklisted. That can't surprise anyone, can it?

Matthew Garrett | mjg59@xxxxxxxxxxxxx
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at