[mythtv-users] OT - UEFI, Secure Boot, Fedora and nVidia drivers
Simon Hobson
linux at thehobsons.co.uk
Tue Jun 26 20:50:22 UTC 2012
Lawrence Rust wrote:
>I believe that the new Ubuntu loader should work with any Linux system.
>The loader will be signed with M$'s key so that it's universally
>bootable and then chain to Grub, if found. After that it's business as
>normal. So you should be able to use this to boot Fedora and unsigned
>Nvidia drivers. The only change for a new install would be a
>pre-install of the the boot loader from CD/USB followed by a normal
>install.
Which is no help for all those "lets just boot this f***ed up Windows
box with a Linux rescue disk and ..." situations. I've helped a few
of the guys at work and now it's accepted that "Linux is Good"
(actually, usually Knoppix) when it comes to rescuing stuff :)
Ben Kamen wrote:
>Doesn't that invalidate the concept of the trust chain?
...
>(maybe I'm not getting the whole purpose of the UEFI goal)
No, you're not missing anything. It makes a mockery of the whole concept.
For it to be secure, MS would only sign something that itself is
designed to only load signed stuff.
My personal expectation is that most vendors won't include a "make my
machine insecure" option. Of course there will be no "off the record"
conversations between Microsoft and the manufacturers about this, and
I'm sure it will never crop up during negotiations on how much each
OEM Windows licence will cost. Of course not !
And for those that do enable it, I can see the MS FUD machine getting
ready now - pushing how Linux is inherently insecure and how you need
to turn off machine security to run it. Trouble is, many newbies will
believe it and be put off trying "something else".
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
More information about the mythtv-users
mailing list