Customization

Date: 2012-06-01 10:14 am (UTC)
From: (Anonymous)
If you know how to customize this, then you should be able to sign your own code (or disable the requirement, which if it will not be implemented, the OEM will be boycotted by IT enthusiasts...as in who is asked what to buy).
The discussion starts with the main loader started from HDD. That loader can be customized to contain your own key (with a little hassle, but required only once) with which you could build your stuff (including signing your kernel code).
The whole point of UEFI security started with executing only TRUSTED boot code. By default, it's MS-trusted ("Windows logo") which RedHat negotiates for a signing. But the writer specifies that they want to get to a common ground in which the trusted decision comes to the user.
GPL is not involved in this whatsoever. The code itself will be distributed, which can be used without the keys (which is data, not code) provided deactivation is available(which is OEM dependent). I don't think the GPL requires to be able to obtain the identical binary.
From:
Anonymous
OpenID
Identity URL: 
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org


 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Nebula. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Active Entries

Expand Cut Tags

No cut tags