[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20121101213524.03fa2d53@pyramind.ukuu.org.uk>
Date: Thu, 1 Nov 2012 21:35:24 +0000
From: Alan Cox <alan@...rguk.ukuu.org.uk>
To: Matthew Garrett <mjg59@...f.ucam.org>
Cc: James Bottomley <James.Bottomley@...senPartnership.com>,
Eric Paris <eparis@...isplace.org>,
Jiri Kosina <jkosina@...e.cz>, Oliver Neukum <oneukum@...e.de>,
Chris Friesen <chris.friesen@...band.com>,
Josh Boyer <jwboyer@...il.com>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org
Subject: Re: [RFC] Second attempt at kernel secure boot support
On Thu, 1 Nov 2012 21:18:59 +0000
Matthew Garrett <mjg59@...f.ucam.org> wrote:
> On Thu, Nov 01, 2012 at 09:14:00PM +0000, James Bottomley wrote:
>
> > I agree that's a possibility. However, I think the court of public
> > opinion would pillory the first Commercial Linux Distribution that went
> > to Microsoft for the express purpose of revoking their competition's
> > right to boot. It would be commercial suicide.
>
> Oracle are something of a vexatious litigant as far as the court of
> public opinion is concerned, but even without that it could be a
> customer who complains. If you're personally comfortable with a specific
> level of security here, that's fine - but it's completely reasonable for
> others to feel that there are valid technical and commercial concerns to
> do this properly.
The main people who really really care about this the MS key stuff
is mostly irrelevant for as they won't use the Microsoft keys
anyway. Microsoft will have to provide signing to all sorts of other law
enforcement bodies as a responsible provider. If the FBI have a key no
other government security installation will have that key in their
systems. If the Chinese state has it I doubt the US government will be
too keen either.
All those official government trojans end up creating a big problem in the
trust department.
Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists