[ale] OT: micro mini nano PC

Alex Carver agcarver+ale at acarver.net
Sun Jan 31 23:19:53 EST 2016 

Well, here's a link describing Linux Foundation's work in getting a
signature in the first place:

http://blog.hansenpartnership.com/adventures-in-microsoft-uefi-signing/


Even then, it's a pre-loader which then loads unsigned code so it
defeats the Secure Boot process but allows people to install Linux on
machines where Secure Boot can't be disabled at all.

And then there was this bit about Windows 10 removing the requirement to
allow Secure Boot to be disabled (it's now up to the manufacturer
whether to allow the option to disable it).

http://arstechnica.com/information-technology/2015/03/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/

And this document from Microsoft which says the Secure Boot database can
not be edited by users (bullet point "How do I edit my PC's Secure Boot
Database?"):

https://msdn.microsoft.com/en-us/library/windows/hardware/dn938319%28v=vs.85%29.aspx



On 2016-01-31 19:52, damon at damtek.com wrote:
> 
> The below is not true based on what I *think* I know. Sabayon was (they claim) the first to boot with a secure image and they do it with a self signed cert. Now if hardware MFG don't allow for that, THEN the run of the mill distribution will be in trouble. Nothing (directly) to do with MS at all. And if windows does not want to dual boot, then don't. Rather boot withe two SEPARATE disks and use UEFI bios to boot the appropriate OS. 
> --
> Sent from myMail app for Android
> Damom Saturday, 30 January 2016, 06:55PM -05:00 from Alex Carver < agcarver+ale at acarver.net> :
> 
>> The problem is that Linux Foundation is entirely dependent on
>> Microsoft's good graces to sign their bootloader with Microsoft's key.
>> Should Microsoft one day decide it has no desire to do that then that
>> locks out many systems that did not provide the kill switch for Secure
>> Boot or the ability to add personal signing keys.
>>
>>
>>
>> On 2016-01-30 15:44, DJ-Pfulio wrote:
>>> SecureBoot is recommended for Linux Workstations by the Linux
>>> Foundation.  It is a good idea for everyone, not just Windows.
>>>
>>>  https://github.com/lfit/itpol/blob/master/linux-workstation-security.md
>>>
>>> Checklist
>>> *    System supports SecureBoot (ESSENTIAL)
>>> *    System has no firewire, thunderbolt or ExpressCard ports (NICE)
>>> *    System has a TPM chip (NICE)
>>>
>>> So - it appears a $230 Chromebook (1080p screen) meets these conditions.
>>> Nice!
>>>
>>> That doesn't mean those corporate overlords (LF overlords) don't have
>>> ulterior motives, but it probably does mean that MSFT isn't the only one.
>>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo

More information about the Ale mailing list