On November 6, 2018 1:14:03 AM UTC, Paul Wise wrote:
>So, really the only reason to support Secure Boot is to avoid users
>having to turn Secure Boot off in their BIOS and avoid having to
>document how to do that on every firmware implementation that is being
>shipped on new hardware. I think i
On Tue, Nov 06, 2018 at 09:21:32AM -0800, Russ Allbery wrote:
> >> What is non-free? Signing stuff does not change the freeness of the
> >> software.
> > it does introduce https://en.wikipedia.org/wiki/Tivoisation however.
> I'm not sure how us signing our stuff does that.
you are right and I wa
Holger Levsen writes:
> On Tue, Nov 06, 2018 at 10:08:10AM +0100, Bastian Blank wrote:
>> On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:
>>> But only the stock kernel, which turns it non-free software.
>> What is non-free? Signing stuff does not change the freeness of the
>> sof
On Tue, 2018-11-06 at 09:14 +0800, Paul Wise wrote:
> AFAICT the Debian Secure Boot packages are not designed for the
> scenario where only Debian keys or per-user keys are trusted by the
> firmware, if they were then shim-signed would be named
> shim-signed-microsoft and there would be a shim-sign
On Tue, 2018-11-06 at 10:42 +, Holger Levsen wrote:
> On Tue, Nov 06, 2018 at 10:08:10AM +0100, Bastian Blank wrote:
> > On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:
> > > But only the stock kernel, which turns it non-free software.
> > What is non-free? Signing stuff does no
On Tue, Nov 06, 2018 at 10:08:10AM +0100, Bastian Blank wrote:
> On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:
> > But only the stock kernel, which turns it non-free software.
> What is non-free? Signing stuff does not change the freeness of the
> software.
it does introduce http
On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:
> But only the stock kernel, which turns it non-free software.
What is non-free? Signing stuff does not change the freeness of the
software.
Bastian
--
"That unit is a woman."
"A mass of conflicting impulses."
On Tue, Nov 6, 2018 at 6:53 AM Adam Borowski wrote:
> Another question: do we want it? It's beneficial only if you can not only
> add your own keys but also _remove_ built-in ones, and typical "consumer"
> machines don't allow that.
AFAICT the Debian Secure Boot packages are not designed for the
Hi,
As far as I remember there are some netbooks (from Lenovo) which cannot turn
Secure Boot off even if it is x86 based.
We can tell user to buy laptop with Coreboot + HEADS preinstalled, or laptops
that can turn Secure Boot off, but what if they are installing their existing
machine?
(I hop
Hi!
Hideki Yamane wrote:
>
> I'm curious that what is the blocker for introducing secure boot feature
> into Debian now? Already kernel, grub2 and shim are signed, then what should
> we do to achieve it?
We're just working out the last steps on the debian-efi list at the
moment.
--
Steve McInty
On Tue, 6 Nov 2018 01:09:50 +0100
Adam Borowski wrote:
> But only the stock kernel, which turns it non-free software.
Sorry, I'm not sure what you're saying.
> There's no benefits for us, too
As I said, our users can install Debian easily. It's huge benefit.
> -- a thief or attacker can bo
On Tue, Nov 06, 2018 at 09:01:23AM +0900, Hideki Yamane wrote:
> On Mon, 5 Nov 2018 23:52:35 +0100
> Adam Borowski wrote:
> > Another question: do we want it? It's beneficial only if you can not only
> > add your own keys but also _remove_ built-in ones, and typical "consumer"
> > machines don't
On Mon, Nov 05, 2018 at 11:52:35PM +0100, Adam Borowski wrote:
> On Tue, Nov 06, 2018 at 04:15:31AM +0900, Hideki Yamane wrote:
> > Hi,
> > I'm curious that what is the blocker for introducing secure boot feature
> > into Debian now? Already kernel, grub2 and shim are signed, then what
> > shou
On Mon, 5 Nov 2018 23:52:35 +0100
Adam Borowski wrote:
> Another question: do we want it? It's beneficial only if you can not only
> add your own keys but also _remove_ built-in ones, and typical "consumer"
> machines don't allow that.
I disagree it. With my understand, secure boot support in D
On Tue, Nov 06, 2018 at 04:15:31AM +0900, Hideki Yamane wrote:
> Hi,
>
> I'm curious that what is the blocker for introducing secure boot feature
> into Debian now? Already kernel, grub2 and shim are signed, then what should
> we do to achieve it?
Another question: do we want it? It's benefic
15 matches
Mail list logo
