[sf-lug] Fedora dealing with UEFI
Larry Cafiero
larry.cafiero at gmail.com
Sat Jun 2 14:27:15 PDT 2012
Thanks for pointing that out, Rick.
Larry Cafiero
On Sat, Jun 2, 2012 at 2:15 PM, Rick Moen <rick at linuxmafia.com> wrote:
> Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):
>
>> Fedora Linux capitulates to Microsoft boot certificate
> ^^^^^^^^^^^
>
> No. That's simply wrong.
>
> A system in custom mode should allow you to delete all existing keys
> and replace them with your own. After that it's just a matter of
> re-signing the Fedora bootloader (like I said, we'll be providing
> tools and documentation for that) and you'll have a computer that will
> boot Fedora but which will refuse to boot any Microsoft code.
>
> http://mjg59.dreamwidth.org/12368.html
>
> (You provided that link, but I'm guessing you didn't stop to read it.)
>
> A machine with UEFI Secure Boot[1] enforced in the boot firmware is no
> longer a general-purpose computer, and so you shouldn't purchase one
> unless you're prepared to either deal with its enforcement mechanisms or
> reflash your BIOS with something more tractible (such as Coreboot,
> http://www.coreboot.org/). 'Dealing with its enforcement mechanisms'
> can mean putting the BIOS into custom mode and loading it with your
> _own_ code signatures, as Matthew Garrett mentions above.
>
> [1] Your subject header notwithstanding, the problem is not UEFI itself,
> but rather UEFI Secure Boot.
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> Information about SF-LUG is at http://www.sf-lug.org/
More information about the sf-lug
mailing list