
[liberationtech] Fwd: Firefox OS with built in support for OpenPGP encryption

Blibbet blibbet at gmail.com
Fri Sep 20 10:46:07 PDT 2013


> (We call the bad version of Secure Boot, where the user does not have
> the ability to modify the set of trusted keys or disable the system,
> Restricted Boot.)
>
> We have discussed the idea of trying to become a root key holder for
> Secure Boot, working with OEMs to by default trust GNU/Linux distro keys
> signed by us, but have been told that the cost of complying with the
> requirements would be in the millions. We're still interested, if anyone
> has funding.

Can you please point to the source of this "millions" comment? I see 
UEFI Forum membership as being $2500/yr max for an org, and free for an 
individual. The latter can't influence codebase and has a 3 page 
license, the former can impact codebase and has a 9 page license.
http://www.uefi.org/join

Is there any info on how votes are controlled at UEFI Forum? I presume 
Intel and Microsoft can veto anything new?

What are the barriers to forking the BSD codebase and providing your 
set of modules, for OEMs to use as an alt from the official Tiano 
modules, so they can use their existing build system to target 2 
different systems?

Another option might be to work with an existing BIOS vendor (IBV), and 
have the alt firmware target done there.

And AFAIK, any OEM can override the MS key restriction and permit a 
non-MS OS on their systems. So having FSF/etc working with Linux OEMs to 
get this going.

I've started talking to some of the few Linux-only OEMs. They appear to 
like Secure Boot, since it drives anti-Secure Boot customers back to 
their legacy BIOS-based products. Nice for short-term profits, but dumb 
long term, when they can no longer buy COTS BIOS-based mobos to build 
their systems with.

So, has FSF looked at working with an IBV or a PC OEM, about doing a 
proper UEFI-based system with a proper Secure Boot feature that works 
with Linux?

> In the meantime, we would love to receive any reports of x86 systems
> purchased with Secure Boot that actually have Restricted Boot.

BTW, here's latest status from Intel UEFI w/r/t Linux, a talk from last 
week's IDF:

http://uefi.blogspot.com/2013/09/uefi-at-idf13-part-2-uefi-secure-boot.html

The speaker of that talk will be at a UEFI training event at a local 
hackerspace, answering questions on UEFI. If anyone has some good 
questions to ask him, I'll be happy to relay.



