Fedora will be using keys signed by Microsoft to do UEFI secure boot
Linux - NewsThis forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Fedora will be using keys signed by Microsoft to do UEFI secure boot
Well, I personally find it disturbing (on Free-Software promotion and principle approach... not to mention money arriving at Microsoft's pocket) but....
The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.
I admit I don't totally understand all of it, but I don't like it. Playing by MS's rules only encourages them and makes their way seem ligit. This is a really good reason to support Linux vendors and buy your computers from them. Though I do realize a lot of people will want/need Windows atleast for dual boot for various reasons.
There is no money arriving in Microsoft's pocket, the key is bought from Verisign. Microsoft is in here only for one reason. Any board out there that comes with Secure Boot implemented will already have the Microsoft key in the ROMs, so using that key to sign your own bootloader/kernel is the logical thing to do to get maximum compatibility with all boards. This is not playing by Microsoft's rules.
Also, see it from a commercial view. Fedora is a testbed for RHEL. Not long in the future Secure Boot will be a requirement in large companies and Red Hat has to support it or they will have serious problems.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.