Mailinglist Archive: opensuse-project (271 mails)

< Previous Next >
Re: [opensuse-project] UEFI situation
  • From: "M. Edward (Ed) Borasky" <znmeb@xxxxxxxxx>
  • Date: Mon, 25 Jun 2012 22:13:59 -0700
  • Message-id: <CAHkRx6Gn8cT3v=TNMXEV=k=XQaB1COBMsqLjJ=4obwPR2nswTw@mail.gmail.com>
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang <mchang@xxxxxxxx> wrote:

As one of the guys AJ mentioned who is working on the issue, I could
tell that two basic principles for openSUSE


[snip]

2. Be equal or friendly with other distribution
That means the solution has to align with what most other distribution
be able to choose and would allow co-operate with them. This implies
the windows signing service would be used as it's an fair offer for
all with a universal key installed. Until there's another signing
authority recommended by uefi forum, this is the only possible way to
go.

The Fedora proposal, presumably blessed by Red Hat, seems radically
different from the Ubuntu proposal, presumably blessed by Canonical.
So is there a "middle ground" between the two that would be friendly
to both?

I think the decision would be Fedroa's proposed solution, that is we
have a first stage bootloader signed by Microsoft signing service and
a second stage bootloader signed by us, thus we can avoid to integrate
Ms signing process to our infrastructure (OBS or whatever) as it's
painful (a *real living person* is involved to authenticate) and we
still have flexibilities for signing our bootlo.

I'm a big fan of simplicity - as in "do the simplest thing that will
work". There are an awful lot of "moving parts" here. There's the
firmware, the boot-sector-resident code, the rest of the bootloader,
the initrd and the kernel just to get to the point where all the other
miscellaneous code running as a privileged user gets into RAM. After
*that* is all accomplished, *then* all the userspace stuff can happen.

[snip]

Is there a way to eliminate a few layers of complexity? Operating
systems are supposed to be *simple*. Linus has complained about
"bloat", I know, but the hardware keeps getting better and things like
a provably secure microkernel running Linux as a guest aren't as
farfetched on a 2012-vintage quad-core x86_64 as they were on a 386.

--
Twitter: http://twitter.com/znmeb Computational Journalism Server
http://j.mp/compjournoserver

Data is the new coal - abundant, dirty and difficult to mine.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx

< Previous Next >