[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen 4.3 development update, and stock-taking

On 17/01/13 16:20, Jan Beulich wrote:
But there might be some fundamental understanding issue here:
I take it that it is not a property of a system whether one wants
secure boot, but a request of the owner of the system. If (s)he
wants to boot securely, then of course anything that isn't signed
doesn't even get loaded. If (s)he wants to boot "normally", the
shim gets left out of the picture, and off we go. But maybe I'm
wrong with that?

As I understand it, the whole reason Fedora and Ubuntu are going through this whole hassle with secure boot is: * Microsoft requires a system to ship w/ secure boot enabled to get "MS Certified" for Windows 8 * The vast majority of desktop systems will be shipping with Windows 8, and so will want to be certified * Therefore the vast majority of desktop systems will ship w/ secure boot enabled
* MS requires that secure boot be able to be disabled; however
* Each EFI system will be different, so it will be impossible to provide instructions on how to do so * Furthermore many EFI systems may be buggy, so it may still not be possible to disable EFI

So the vast majority of desktop systems, saying that secure boot was "a request of the owner of the system" is false. They didn't ask for it to be turned on, and it may be difficult or impossible to turn off.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.