Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2992539Ab2KAVab (ORCPT ); Thu, 1 Nov 2012 17:30:31 -0400 Received: from lxorguk.ukuu.org.uk ([81.2.110.251]:35276 "EHLO lxorguk.ukuu.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1760735Ab2KAVa1 (ORCPT ); Thu, 1 Nov 2012 17:30:27 -0400 Date: Thu, 1 Nov 2012 21:35:24 +0000 From: Alan Cox To: Matthew Garrett Cc: James Bottomley , Eric Paris , Jiri Kosina , Oliver Neukum , Chris Friesen , Josh Boyer , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org Subject: Re: [RFC] Second attempt at kernel secure boot support Message-ID: <20121101213524.03fa2d53@pyramind.ukuu.org.uk> In-Reply-To: <20121101211859.GA20014@srcf.ucam.org> References: <1351763954.2391.37.camel@dabdike.int.hansenpartnership.com> <1351780935.2391.58.camel@dabdike.int.hansenpartnership.com> <1351783096.2391.77.camel@dabdike.int.hansenpartnership.com> <1351803800.2391.96.camel@dabdike.int.hansenpartnership.com> <20121101210634.GA19723@srcf.ucam.org> <1351804440.2391.99.camel@dabdike.int.hansenpartnership.com> <20121101211859.GA20014@srcf.ucam.org> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.8; x86_64-redhat-linux-gnu) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEWysKsSBQMIAwIZCwj///8wIhxoRDXH9QHCAAABeUlEQVQ4jaXTvW7DIBAAYCQTzz2hdq+rdg494ZmBeE5KYHZjm/d/hJ6NfzBJpp5kRb5PHJwvMPMk2L9As5Y9AmYRBL+HAyJKeOU5aHRhsAAvORQ+UEgAvgddj/lwAXndw2laEDqA4x6KEBhjYRCg9tBFCOuJFxg2OKegbWjbsRTk8PPhKPD7HcRxB7cqhgBRp9Dcqs+B8v4CQvFdqeot3Kov6hBUn0AJitrzY+sgUuiA8i0r7+B3AfqKcN6t8M6HtqQ+AOoELCikgQSbgabKaJW3kn5lBs47JSGDhhLKDUh1UMipwwinMYPTBuIBjEclSaGZUk9hDlTb5sUTYN2SFFQuPe4Gox1X0FZOufjgBiV1Vls7b+GvK3SU4wfmcGo9rPPQzgIabfj4TYQo15k3bTHX9RIw/kniir5YbtJF4jkFG+dsDK1IgE413zAthU/vR2HVMmFUPIHTvF6jWCpFaGw/A3qWgnbxpSm9MSmY5b3pM1gvNc/gQfwBsGwF0VCtxZgAAAAASUVORK5CYII= Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1587 Lines: 34 On Thu, 1 Nov 2012 21:18:59 +0000 Matthew Garrett wrote: > On Thu, Nov 01, 2012 at 09:14:00PM +0000, James Bottomley wrote: > > > I agree that's a possibility. However, I think the court of public > > opinion would pillory the first Commercial Linux Distribution that went > > to Microsoft for the express purpose of revoking their competition's > > right to boot. It would be commercial suicide. > > Oracle are something of a vexatious litigant as far as the court of > public opinion is concerned, but even without that it could be a > customer who complains. If you're personally comfortable with a specific > level of security here, that's fine - but it's completely reasonable for > others to feel that there are valid technical and commercial concerns to > do this properly. The main people who really really care about this the MS key stuff is mostly irrelevant for as they won't use the Microsoft keys anyway. Microsoft will have to provide signing to all sorts of other law enforcement bodies as a responsible provider. If the FBI have a key no other government security installation will have that key in their systems. If the Chinese state has it I doubt the US government will be too keen either. All those official government trojans end up creating a big problem in the trust department. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/