[Mageia-dev] Mageia 3 feature proposals review

Wed Jun 27 20:37:23 CEST 2012

Op woensdag 27 juni 2012 18:45:10 schreef Olav Vitters:
+> On Wed, Jun 27, 2012 at 08:35:35AM +0200, AL13N wrote:
+> > I thought they were planning on signing all the stuff after grub2 as well?
+> > 
+> > I have no trouble having signed bootloader. but i would prefer it to be
+> > from a completely free CA. ie: NOT from microsoft.
+> 
+> Then you need to convince all the hardware manufacturers to put your key
+> in their hardware, as explained in the blogpost. Seems really unlikely
+> to happen.
+> 
+> > above signing from microsoft, I would even prefer to have a documentation
+> > that requests to disable Secure Boot, then generate your own key and
+> > adding that, and then setting up Secure Boot again, with your own
+> > personal signed stuff.
+> Thought disabling secure boot means first booting?
+
+there's likely a bios setting or jumper than can disable secure boot for 
+desktops.
+
+> > of course, if there was an independant org that had it's CA in all
+> > hardware, and signed all free OSes, that would be alot better.
+> 
+> There is none.
+
+yes, i don't think there is one, but that doesn't mean it can't be done. And 
+it's ideally the perfect way for every distro.
+
+if RH and Canonical both had worked together with some independant entity 
+(like cacert.org ) it could've been handled alot better.
+