On November 6, 2018 1:14:03 AM UTC, Paul Wise wrote:
>So, really the only reason to support Secure Boot is to avoid users
>having to turn Secure Boot off in their BIOS and avoid having to
>document how to do that on every firmware implementation that is being
>shipped on new hardware. I think i
On Tue, Nov 06, 2018 at 09:21:32AM -0800, Russ Allbery wrote:
> >> What is non-free? Signing stuff does not change the freeness of the
> >> software.
> > it does introduce https://en.wikipedia.org/wiki/Tivoisation however.
> I'm not sure how us signing our stuff does that.
you are right and I wa
Holger Levsen writes:
> On Tue, Nov 06, 2018 at 10:08:10AM +0100, Bastian Blank wrote:
>> On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:
>>> But only the stock kernel, which turns it non-free software.
>> What is non-free? Signing stuff does not change the freeness of the
>> sof
On Tue, 2018-11-06 at 09:14 +0800, Paul Wise wrote:
> AFAICT the Debian Secure Boot packages are not designed for the
> scenario where only Debian keys or per-user keys are trusted by the
> firmware, if they were then shim-signed would be named
> shim-signed-microsoft and there would be a shim-sign
On Tue, 2018-11-06 at 10:42 +, Holger Levsen wrote:
> On Tue, Nov 06, 2018 at 10:08:10AM +0100, Bastian Blank wrote:
> > On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:
> > > But only the stock kernel, which turns it non-free software.
> > What is non-free? Signing stuff does no
On Tue, Nov 06, 2018 at 10:08:10AM +0100, Bastian Blank wrote:
> On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:
> > But only the stock kernel, which turns it non-free software.
> What is non-free? Signing stuff does not change the freeness of the
> software.
it does introduce http
On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:
> But only the stock kernel, which turns it non-free software.
What is non-free? Signing stuff does not change the freeness of the
software.
Bastian
--
"That unit is a woman."
"A mass of conflicting impulses."
On Tue, Nov 6, 2018 at 6:53 AM Adam Borowski wrote:
> Another question: do we want it? It's beneficial only if you can not only
> add your own keys but also _remove_ built-in ones, and typical "consumer"
> machines don't allow that.
AFAICT the Debian Secure Boot packages are not designed for the
Hi,
As far as I remember there are some netbooks (from Lenovo) which cannot turn
Secure Boot off even if it is x86 based.
We can tell user to buy laptop with Coreboot + HEADS preinstalled, or laptops
that can turn Secure Boot off, but what if they are installing their existing
machine?
(I hop
Hi!
Hideki Yamane wrote:
>
> I'm curious that what is the blocker for introducing secure boot feature
> into Debian now? Already kernel, grub2 and shim are signed, then what should
> we do to achieve it?
We're just working out the last steps on the debian-efi list at the
moment.
--
Steve McInty
On Tue, 6 Nov 2018 01:09:50 +0100
Adam Borowski wrote:
> But only the stock kernel, which turns it non-free software.
Sorry, I'm not sure what you're saying.
> There's no benefits for us, too
As I said, our users can install Debian easily. It's huge benefit.
> -- a thief or attacker can bo
On Tue, Nov 06, 2018 at 09:01:23AM +0900, Hideki Yamane wrote:
> On Mon, 5 Nov 2018 23:52:35 +0100
> Adam Borowski wrote:
> > Another question: do we want it? It's beneficial only if you can not only
> > add your own keys but also _remove_ built-in ones, and typical "consumer"
> > machines don't
On Mon, Nov 05, 2018 at 11:52:35PM +0100, Adam Borowski wrote:
> On Tue, Nov 06, 2018 at 04:15:31AM +0900, Hideki Yamane wrote:
> > Hi,
> > I'm curious that what is the blocker for introducing secure boot feature
> > into Debian now? Already kernel, grub2 and shim are signed, then what
> > shou
On Mon, 5 Nov 2018 23:52:35 +0100
Adam Borowski wrote:
> Another question: do we want it? It's beneficial only if you can not only
> add your own keys but also _remove_ built-in ones, and typical "consumer"
> machines don't allow that.
I disagree it. With my understand, secure boot support in D
On Tue, Nov 06, 2018 at 04:15:31AM +0900, Hideki Yamane wrote:
> Hi,
>
> I'm curious that what is the blocker for introducing secure boot feature
> into Debian now? Already kernel, grub2 and shim are signed, then what should
> we do to achieve it?
Another question: do we want it? It's benefic
Hi,
I'm curious that what is the blocker for introducing secure boot feature
into Debian now? Already kernel, grub2 and shim are signed, then what should
we do to achieve it?
--
Hideki Yamane
16 matches
Mail list logo
