Originally posted by lapis
View Post
Announcement
Collapse
No announcement yet.
UEFI SecureBoot Comes To QEMU-KVM
Collapse
X
-
-
Originally posted by WorBlux View Post2.Some poor implementations may only include that key and no easy method to enter the platform setup mode, or add an exempted key.
Leave a comment:
-
Originally posted by lapis View PostWhy ubuntu and red hat need to buy a key ?
2.Some poor implementations may only include that key and no easy method to enter the platform setup mode, or add an exempted key.
Leave a comment:
-
Originally posted by lapis View PostI don t know.
Hardware manafacturers chooses which keys are installed .The user key is not pre installed on motherboards.
The manufacturers chooses which keys are installed by default.The user must contact the manufacturer to install your custom key.This is not a good thing.
Leave a comment:
-
Originally posted by TobiSGD View PostThey do not need to. Ubuntu/Canonical have made their own key for their bootloader/kernel to be able to run on machines with Secure Boot and the Ubuntu key. Fedora has bought the right to use a Microsoft key, just for convenience, because basically every motherboard will ship with this key. This way they don have to convince the hardware manufacturers to use their key, unlike Canonical.
Hardware manafacturers chooses which keys are installed .The user key is not pre installed on motherboards.
The manufacturers chooses which keys are installed by default.The user must contact the manufacturer to install your custom key.This is not a good thing.
Leave a comment:
-
Originally posted by lapis View PostWhy ubuntu and red hat need to buy a key ?
Leave a comment:
-
Originally posted by WorBlux View PostIt's all based on openSSL in the core. You can create a private-public key-pair and an x.509 without the need for a third party.
If the firmware allows you to use the X.509 as the PKI or sideload as a KEK without needed it linked to the PK, then the user is in control.
http://feishare.com/uefi/uefi-secure-boot
Leave a comment:
Leave a comment: