[mythtv-users] OT - UEFI, Secure Boot, Fedora and nVidia drivers

[Simon Hobson]

Lawrence Rust wrote:

>I believe that the new Ubuntu loader should work with any Linux system.
>The loader will be signed with M$'s key so that it's universally
>bootable and then chain to Grub, if found.  After that it's business as
>normal.  So you should be able to use this to boot Fedora and unsigned
>Nvidia drivers.  The only change for a new install would be a
>pre-install of the the boot loader from CD/USB followed by a normal
>install.

Which is no help for all those "lets just boot this f***ed up Windows 
box with a Linux rescue disk and ..." situations. I've helped a few 
of the guys at work and now it's accepted that "Linux is Good" 
(actually, usually Knoppix) when it comes to rescuing stuff :)



Ben Kamen wrote:

>Doesn't that invalidate the concept of the trust chain?
...
>(maybe I'm not getting the whole purpose of the UEFI goal)

No, you're not missing anything. It makes a mockery of the whole concept.
For it to be secure, MS would only sign something that itself is 
designed to only load signed stuff.

My personal expectation is that most vendors won't include a "make my 
machine insecure" option. Of course there will be no "off the record" 
conversations between Microsoft and the manufacturers about this, and 
I'm sure it will never crop up during negotiations on how much each 
OEM Windows licence will cost. Of course not !

And for those that do enable it, I can see the MS FUD machine getting 
ready now - pushing how Linux is inherently insecure and how you need 
to turn off machine security to run it. Trouble is, many newbies will 
believe it and be put off trying "something else".
-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.