|
|
|
|
|
|
by darklajid
5378 days ago
|
|
|
Where do you see the requirement that the kernel has to be signed? I only see them mentioning the boot loader, which should be something entirely different (both on Windows and Linux, as far as I'm aware. I admit that my knowledge about the Windows boot process is incomplete). If I'm correct (?) your whole reply to that point was a bit over the top, especially the 'tell me where you work so that I can ignore you' part. Edit: Reading the original source (I recommend it!) confuses me. It says 'unsigned binaries will not load', but still: I'm still reading that as 'will not be loaded by the UEFI firmware' - which should only need to load the bootloader (+ relevant drivers) as far as I understand it? |
|
|
I don't think this will affect corporate Windows installations as you'd presumably be installing a signed kernel and signed drivers - as the post above yours states, it's very rare to use a non-Microsoft-supplied kernel and unsigned drivers in the corporate environment today.
Signing a Linux bootloader could be perceived as a potential breach of this trusted boot process, as Windows could then potentially be loading in an emulated environment created by a malicious GRUB module or the like. Chances are, nobody subscribing to Trusted Boot will ruin their marketability by either a) not providing a way to disable the trust verification or b) not signing a Linux bootloader. However, that possibility is what has the rash of speculative "Linux won't run anymore!!!" articles running around the internet this week.
More solid info on the trusted boot process can be derived from:
http://lanyrd.com/2011/bldwin/shkft/