Re: Q: secure boot
- Date: Mon, 5 Nov 2018 23:52:35 +0100
- From: Adam Borowski <kilobyte@xxxxxxxxxx>
- Subject: Re: Q: secure boot
On Tue, Nov 06, 2018 at 04:15:31AM +0900, Hideki Yamane wrote:
> I'm curious that what is the blocker for introducing secure boot feature
> into Debian now? Already kernel, grub2 and shim are signed, then what should
> we do to achieve it?
Another question: do we want it? It's beneficial only if you can not only
add your own keys but also _remove_ built-in ones, and typical "consumer"
machines don't allow that.
⢀⣴⠾⠻⢶⣦⠀ Have you heard of the Amber Road? For thousands of years, the
⣾⠁⢰⠒⠀⣿⡁ Romans and co valued amber, hauled through the Europe over the
⢿⡄⠘⠷⠚⠋⠀ mountains and along the Vistula, from Gdańsk. To where it came
⠈⠳⣄⠀⠀⠀⠀ together with silk (judging by today's amber stalls).