[ale] OT: micro mini nano PC

DJ-Pfulio DJPfulio at jdpfu.com
Mon Feb 1 00:24:25 EST 2016 

Thought UEFI BIOS had a place for a cert that signed the kernels. It is
just that cert is pre-installed from MSFT since that is what most people
use.  OTOH, I dunno.

 Read an article that the LF figured out a cross-platform way to NOT use
MSFT certs, but retain the desired boot-chain validation.

OTOH, I dunno what was actually implemented.

On 01/31/16 22:52, damon at damtek.com wrote:
> The below is not true based on what I *think* I know. Sabayon was (they
> claim) the first to boot with a secure image and they do it with a self
> signed cert. Now if hardware MFG don't allow for that, THEN the run of
> the mill distribution will be in trouble. Nothing (directly) to do with
> MS at all. And if windows does not want to dual boot, then don't. Rather
> boot withe two SEPARATE disks and use UEFI bios to boot the appropriate OS.
> 
> --
> Sent from myMail app for Android
> 
> Damom
> 
> Saturday, 30 January 2016, 06:55PM -05:00 from Alex Carver
> <agcarver+ale at acarver.net <mailto:agcarver+ale at acarver.net>>:
> 
>     The problem is that Linux Foundation is entirely dependent on
>     Microsoft's good graces to sign their bootloader with Microsoft's key.
>     Should Microsoft one day decide it has no desire to do that then that
>     locks out many systems that did not provide the kill switch for Secure
>     Boot or the ability to add personal signing keys.
> 
> 
> 
>     On 2016-01-30 15:44, DJ-Pfulio wrote:
>     > SecureBoot is recommended for Linux Workstations by the Linux
>     > Foundation. It is a good idea for everyone, not just Windows.
>     >
>     >
>     https://github.com/lfit/itpol/blob/master/linux-workstation-security.md
>     >
>     > Checklist
>     > * System supports SecureBoot (ESSENTIAL)
>     > * System has no firewire, thunderbolt or ExpressCard ports (NICE)
>     > * System has a TPM chip (NICE)
>     >
>     > So - it appears a $230 Chromebook (1080p screen) meets these
>     conditions.
>     > Nice!
>     >
>     > That doesn't mean those corporate overlords (LF overlords) don't have
>     > ulterior motives, but it probably does mean that MSFT isn't the
>     only one.
>     >

More information about the Ale mailing list