Linux Mint Forums

[fbsduser]

One thing you forget is that (given M$'s deal with Novell) SLED/SLES/openSUSE are very likelly going to have their very own Pkek keys to be able to boot with UEFI secure-boot enabled. Which might become a way to get Linux working (The day that those 3 distros get updated to have the keys, someone is surelly going to take a copy of openSUSE apart and find out where those keys are stored and how to make them work in generic linux distros).

[rijnsma]

Don't tell them.

[zerozero]

didn't took long w8 is not out yet and its secure boot was already exploited http://arstechnica.com/business/news/2011/11/security-researcher-defeats-windows-8-secure-boot.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss (at least apparently)

- now i ask, what is it good for then? just to keep linux out of the equation?

tks to kendall for the heads-up on G+

[rijnsma]

- now i ask, what is it good for then? just to keep linux out of the equation?

It now looks like that.

Great story. Thx.

[driekus]

Could we start a list of government agencies that we can complain too about this?
It will probably get through, but lets give microsoft as big a headache as possible.

[rijnsma]

The Free Software Foundation is already busy with it.
http://www.fsf.org/campaigns/secure-boo ... cted-boot/

Whitepaper has another entree:
http://blog.canonical.com/2011/10/28/wh ... -on-linux/

[lexon]

http://www.zdnet.com/blog/bott/leading- ... linux/4185

L

[altair4]

Don't know how many are still following this but it appears Fedora 18 will use a Microsoft signed key in it's bootloader: http://mjg59.dreamwidth.org/12368.html

The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.

You might want to read the whole post before getting out the pitchforks so that you can at least understand where they're coming from.

[altair4]

Matthew Garrett has made a correction in his statement that might make this more palatable:

The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access edit: The $99 goes to Verisign, not Microsoft - further edit: once paid you can sign as many binaries as you want), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.

[AlbertP]

Still, Microsoft now requires vendors to provide an option for turning off Secure Boot in the BIOS. That also solves the problem, though I admit that having a functional Secure Boot key may be easier at times, for example for people who don't know how a BIOS works. If they run into some Secure Boot restriction, they can get help on the forum how to turn off S.B. I think this is better than having users complain about their computer not booting Linux at all.

[rijnsma]

AlbertP

Still, Microsoft now requires vendors to provide an option for turning off Secure Boot in the BIOS.

Not on ARM. Or has that changed?
http://arstechnica.com/business/2012/01 ... difficult/

I keep feeling very uncomfortable about it.

[AlbertP]

You're right. I've said it before, this is not on ARM. But Mint doesn't have an ARM port either and ARM is mainly a smartphone and tablet architecture while Mint targets desktop/laptop users.

[rijnsma]

Right. Thanks!

[Goz]

AlbertP

I keep feeling very uncomfortable about it.

As do I...There is something fishy in Denmark.