Re: Discuss support for the linux kernel's EFI Handover Protocol on x86

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Discuss support for the linux kernel's EFI Handover Protocol on x86

From:	Matthew Garrett
Subject:	Re: Discuss support for the linux kernel's EFI Handover Protocol on x86 and ARM
Date:	Fri, 11 Jan 2019 11:32:19 -0800

On Thu, Jan 10, 2019 at 12:59 AM Alexander Graf <address@hidden> wrote:
> So really dumb question here: What if we didn't use the MS key? What if 
> instead, we just provide a SUSE/openSUSE key and give customers the ability 
> to sign their own grub+Linux binaries?

Then you end up blocking install of any Linux distribution that isn't
big enough to have every ARM server vendor include their keys. This is
the exact reason we chose not to explore this approach on x86 - we
didn't want Red Hat to have privileges that, say, Gentoo didn't. The
problem is somewhat mitigated if systems are guaranteed to be shipped
with Secure Boot disabled, but you then still end up encouraging
vendor lock-in - it becomes difficult to migrate systems from one
distribution to another without manual re-keying.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Discuss support for the linux kernel's EFI Handover Protocol on x86 and ARM, (continued)

Prev by Date: [PATCH] bootp: add native DHCPv4 support
Next by Date: Re: Discuss support for the linux kernel's EFI Handover Protocol on x86 and ARM
Previous by thread: Re: Discuss support for the linux kernel's EFI Handover Protocol on x86 and ARM
Next by thread: Re: Discuss support for the linux kernel's EFI Handover Protocol on x86 and ARM
Index(es):
- Date
- Thread