Is this something we (as consumers of FreeBSD) need to be aware of?

Jerry jerry at
Tue Jun 5 22:10:59 UTC 2012

On Tue, 5 Jun 2012 17:00:14 -0400 (EDT)
Daniel Feenberg articulated:

>On Tue, 5 Jun 2012, Polytropon wrote:
>> On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote:
>>> UEFI considerations drive Fedora to pay MSFT to sign their kernel
>>> binaries
>> I may reply with another link:
>I have a pretty basic question that probably displays some ignorance...
>Does the loader need to be signed? Once signed, can it load anything,
>or just things MS has approved? If MS signs the kernel, can the kernel
>run anything, or just things MS has approved? If RH has a signed
>kernel, do they have to sign all the userland programs that run under
>that kernel? Can users sign programs compiled from source?
>If MS only has to sign the first link in the chain, then the $99 
>certificate is not really a problem except for the pure of heart. If
>MS or someone else has to sign all the way down to the userland
>binaries, then users of FreeBSD will have to turn off secure boot in
>CMOS, and it will lose a few users. But I can't tell from the
>discussions mentioned above. Either way, I don't think it will destroy
>FreeBSD, or Linux, but I would be interested anyway.

I thought this URL <> also shown
above, answered that question.

Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

More information about the freebsd-questions mailing list