[mythtv-users] OT - UEFI, Secure Boot, Fedora and nVidia drivers
George Galt
george.galt at gmail.com
Tue Jun 26 16:23:02 UTC 2012
This is somewhat off topic, though many of us rely on nVidia drivers
to play HD content. I have been trying to sort through all of the
postings about Fedora's and Ubuntu's plans for UEFI secure boot.
Fedora seems to be taking the course of signing their kernels with a
Microsoft key so that they can be booted under UEFI. A post
describing Fedora's plans is here:
http://mjg59.dreamwidth.org/12368.html.
My concern is the following statement: "Secure boot is built on the
idea that all code that can touch the hardware directly is trusted,
and any untrusted code must go through the trusted code. This can be
circumvented if users can execute arbitrary code in the kernel. So,
we'll be moving to requiring signed kernel modules and locking down
certain aspects of kernel functionality. The most obvious example is
that it won't be possible to access PCI regions directly from
userspace, which means all graphics cards will need kernel drivers."
If I read this correctly, this means that nVidia's (and ATI's)
proprietary drivers won't be allowed, only the drivers currently in
the kernel tree (nouveau and the opensource ati driver).
Am I reading this correctly? If so, does anyone have any thoughts
about how to address this issue? If I disable secure boot from
BIOS/UEFI, would I be able to run unsigned nVidia drivers or would I
also need to rebuild my kernel to run unsigned drivers? Is it too
early to know?
Thanks,
George
More information about the mythtv-users
mailing list