[Mageia-dev] Mageia 3 feature proposals review

AL13N alien at rmail.be
Wed Jun 27 20:37:23 CEST 2012

Op woensdag 27 juni 2012 18:45:10 schreef Olav Vitters:
> On Wed, Jun 27, 2012 at 08:35:35AM +0200, AL13N wrote:
> > I thought they were planning on signing all the stuff after grub2 as well?
> > 
> > I have no trouble having signed bootloader. but i would prefer it to be
> > from a completely free CA. ie: NOT from microsoft.
> Then you need to convince all the hardware manufacturers to put your key
> in their hardware, as explained in the blogpost. Seems really unlikely
> to happen.
> > above signing from microsoft, I would even prefer to have a documentation
> > that requests to disable Secure Boot, then generate your own key and
> > adding that, and then setting up Secure Boot again, with your own
> > personal signed stuff.
> Thought disabling secure boot means first booting?

there's likely a bios setting or jumper than can disable secure boot for 

> > of course, if there was an independant org that had it's CA in all
> > hardware, and signed all free OSes, that would be alot better.
> There is none.

yes, i don't think there is one, but that doesn't mean it can't be done. And 
it's ideally the perfect way for every distro.

if RH and Canonical both had worked together with some independant entity 
(like cacert.org ) it could've been handled alot better.

More information about the Mageia-dev mailing list