Mailinglist Archive: opensuse-project (240 mails)

< Previous Next >
Re: [opensuse-project] UEFI Secure Boot
I'm forwarding the following from Vojtech since I forgot to CC Vojtech previously;(

Andreas

Greg,

Creating the key pair yourself and providing only the signature
verification cerificate to the provider before they provision your
server seems like a safer process, but since the provider has physical
access, you have to trust them anyway, so them having a copy of the
signing key doesn't make much difference.

Better providers will give you access to a remote console of your
system, including to the UEFI boot process and that's as good as being
physically present.

And to the last question: Yes, I'm talking to others about adopting a
common scheme and so far the feedback has been positive.

Vojtech
--
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx

< Previous Next >