Is this something we (as consumers of FreeBSD) need to be aware of?

Matthew Seaman matthew at
Wed Jun 6 09:38:53 UTC 2012

On 06/06/2012 09:45, Bruce Cran wrote:
> On 06/06/2012 08:32, Matthew Seaman wrote:
>> On deeper thought though, the whole idea appears completely unworkable.
>>   It means that you will not be able to compile your own kernel or
>> drivers unless you have access to a signing key.  As building your own
>> is pretty fundamental to the FreeBSD project, the logical consequence is
>> that FreeBSD source should come with a signing key for anyone to use.

> It just means that anyone wishing to run their own kernels would either
> need to disable secure boot, or purchase/create their own certificate
> and install it.

Indeed.  However disabling secure boot is apparently:

   * too difficult for users of Fedora

   * not possible on all platforms (arm based tablets especially)

and purchasing your own certificate currently means paying $99 to
Microsoft, or else getting a key from the hardware manufacturer (which I
very much suspect will not be free either).

While I would expect the typical FreeBSD user to be quite capable of
disabling secure boot, I know that this is something that will result in
realms of questions by new users, alarmist claims that "FreeBSD is not
secure" and general glee amongst the "FreeBSD is dying" crowd.

This is just another misconceived DRM scheme and suffers from all the
same old flaws.



Dr Matthew J Seaman MA, D.Phil.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url :

More information about the freebsd-questions mailing list