FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 09-21-2012, 05:42 AM
Heinz Diehl
 
Default UEFI bootkit

On 21.09.2012, Eddie G. O'Connor Jr. wrote:

> >To be able to boot any other system than Windows, you have to turn
> >off secure boot or you could use your own keys signed by Microsoft.
> >It's not (U)EFI which is the problem, it's the "secure boot".

> AAAhhh!! NOW I think I understand!......

You can boot Fedora 18 with (U)EFI and secure boot turned on, of
course. Because the Fedora kernel and programs are signed with a
Fedora key, which itself is signed by M$.

If you want to have "old-style" Fedora, you'll have to turn off secure
boot.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 09-21-2012, 06:58 AM
Mateusz Marzantowicz
 
Default UEFI bootkit

On 21.09.2012 07:42, Heinz Diehl wrote:
> On 21.09.2012, Eddie G. O'Connor Jr. wrote:
>
>>> To be able to boot any other system than Windows, you have to turn
>>> off secure boot or you could use your own keys signed by Microsoft.
>>> It's not (U)EFI which is the problem, it's the "secure boot".
>> AAAhhh!! NOW I think I understand!......
> You can boot Fedora 18 with (U)EFI and secure boot turned on, of
> course. Because the Fedora kernel and programs are signed with a
> Fedora key, which itself is signed by M$.
>
> If you want to have "old-style" Fedora, you'll have to turn off secure
> boot.
>
>
>

Sorry for my maybe stupid question but why there must my Microsoft's key
on motherboard and not Fedora's one? Why Linux vendors don't intend to
install theirs keys to revers the situation so that Microsoft would have
to sign the keys? Or maybe keys from M$ and Fedora could coexist?


Mateusz Marzantowicz
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 09-21-2012, 09:09 AM
"Eddie G. O'Connor Jr."
 
Default UEFI bootkit

On 09/21/2012 02:58 AM, Mateusz Marzantowicz wrote:

On 21.09.2012 07:42, Heinz Diehl wrote:

On 21.09.2012, Eddie G. O'Connor Jr. wrote:


To be able to boot any other system than Windows, you have to turn
off secure boot or you could use your own keys signed by Microsoft.
It's not (U)EFI which is the problem, it's the "secure boot".

AAAhhh!! NOW I think I understand!......

You can boot Fedora 18 with (U)EFI and secure boot turned on, of
course. Because the Fedora kernel and programs are signed with a
Fedora key, which itself is signed by M$.

If you want to have "old-style" Fedora, you'll have to turn off secure
boot.




Sorry for my maybe stupid question but why there must my Microsoft's key
on motherboard and not Fedora's one? Why Linux vendors don't intend to
install theirs keys to revers the situation so that Microsoft would have
to sign the keys? Or maybe keys from M$ and Fedora could coexist?


Mateusz Marzantowicz


My thoughts EXACTLY! It would seem that the Open Source Community should
have their OWN UEFI / key / signing process that eliminates Microsoft
from the equation altogether! I for one would (and already DO!) donate
and support different projects within the community and would LOVE to
see something like this take off......the less "mingling" of Linux and
Microsoft the better!



EGO II
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 09-21-2012, 10:46 AM
Heinz Diehl
 
Default UEFI bootkit

On 21.09.2012, Eddie G. O'Connor Jr. wrote:

> >Sorry for my maybe stupid question but why there must my Microsoft's key
> >on motherboard and not Fedora's one?

Because Microsoft dominates the hardware market, if you like it or
not.

> Why Linux vendors don't intend to
> >install theirs keys to revers the situation so that Microsoft would have
> >to sign the keys? Or maybe keys from M$ and Fedora could coexist?

This has been discussed several times. In short: it's unlikely that
all hardware vendors will implement all the different keys from
different distributions. It's even quite unlikey that they will
implement even one key which fits all distributions. For further
information you could read Matthew Garretts blog.

> My thoughts EXACTLY! It would seem that the Open Source Community should
> have their OWN UEFI / key / signing process that eliminates Microsoft from
> the equation altogether! I for one would (and already DO!) donate and
> support different projects within the community and would LOVE to see
> something like this take off

A good idea. Now the only thing you have to do is that you would have all the different
hardwar vendors motivated to ship their hardware with this key...


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 09-21-2012, 11:13 AM
"Eddie O'Connor"
 
Default UEFI bootkit

On Fri, Sep 21, 2012 at 6:46 AM, Heinz Diehl <htd@fritha.org> wrote:

On 21.09.2012, Eddie G. O'Connor Jr. wrote:

> >Sorry for my maybe stupid question but why there must my Microsoft's key

> >on motherboard and not Fedora's one?

Because Microsoft dominates the hardware market, if you like it or
not.

> *Why Linux vendors don't intend to
> >install theirs keys to revers the situation so that Microsoft would have

> >to sign the keys? Or maybe keys from M$ and Fedora could coexist?

This has been discussed several times. In short: it's unlikely that
all hardware vendors will implement all the different keys from

different distributions. It's even quite unlikey that they will
implement even one key which fits all distributions. For further
information you could read Matthew Garretts blog.

> My thoughts EXACTLY! It would seem that the Open Source Community should

> have their OWN UEFI / key / signing process that eliminates Microsoft from
> the equation altogether! I for one would (and already DO!) donate and
> support different projects within the community and would LOVE to see

> something like this take off

A good idea. Now the only thing you have to do is *that you would have all the different
hardwar vendors motivated to ship their hardware with this key...



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users

Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org


*
*
True. I guess it's too "cost prohibitive" when you think about all the different hardware manufacturers who make MoBo's, chipsets, circuits etc.
*
*
EGO II

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 09-21-2012, 08:01 PM
Lailah
 
Default UEFI bootkit

El vie, 21-09-2012 a las 08:58 +0200, Mateusz Marzantowicz escribió:


On 21.09.2012 07:42, Heinz Diehl wrote:
> On 21.09.2012, Eddie G. O'Connor Jr. wrote:
>
>>> To be able to boot any other system than Windows, you have to turn
>>> off secure boot or you could use your own keys signed by Microsoft.
>>> It's not (U)EFI which is the problem, it's the "secure boot".
>> AAAhhh!! NOW I think I understand!......
> You can boot Fedora 18 with (U)EFI and secure boot turned on, of
> course. Because the Fedora kernel and programs are signed with a
> Fedora key, which itself is signed by M$.
>
> If you want to have "old-style" Fedora, you'll have to turn off secure
> boot.
>
>
>

Sorry for my maybe stupid question but why there must my Microsoft's key
on motherboard and not Fedora's one? Why Linux vendors don't intend to
install theirs keys to revers the situation so that Microsoft would have
to sign the keys? Or maybe keys from M$ and Fedora could coexist?


Mateusz Marzantowicz






As far as I know, both keys* (Microsoft and Fedora)* can coexist.





Regards,

Lailah





--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 05:10 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org