[arch-general] Campaign against Secure Boot

Thomas Bächler thomas at archlinux.org
Mon Jun 25 13:24:21 EDT 2012


Am 25.06.2012 18:37, schrieb Kevin Chadwick:
>>>
>>> If I understand it right, in Setup Mode, you can either boot any
>>> non-signed operating system, or you can import your own keys into the
>>> firmware, so that you can sign your own bootloaders. For me, this is
>>> enough to not care about Secure Boot.
>>>   
> 
> I didn't know key replacement was a requirement for MS certification.
> That's better than I thought, however.
> 
> You can only have one key and so it's a barrier to competition via
> preventing trying out other OS's on a whim!!. To multiboot you have to
> pay and spend a lot of time. Having authorisation to disable it
> completely but not import multiple keys simply doesn't make sense.

I don't think so. I need to verify this, but if I remember right, you
can simply sign Microsoft's key so Windows 8 is also trusted by your own
key.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20120625/59d27226/attachment.asc>


More information about the arch-general mailing list