Is this something we (as consumers of FreeBSD) need to be aware of?

Mehmet Erol Sanliturk m.e.sanliturk at
Wed Jun 6 09:46:39 UTC 2012

On Wed, Jun 6, 2012 at 2:38 AM, Matthew Seaman <matthew at> wrote:

> On 06/06/2012 09:45, Bruce Cran wrote:
> > On 06/06/2012 08:32, Matthew Seaman wrote:
> >> On deeper thought though, the whole idea appears completely unworkable.
> >>   It means that you will not be able to compile your own kernel or
> >> drivers unless you have access to a signing key.  As building your own
> >> is pretty fundamental to the FreeBSD project, the logical consequence is
> >> that FreeBSD source should come with a signing key for anyone to use.
> > It just means that anyone wishing to run their own kernels would either
> > need to disable secure boot, or purchase/create their own certificate
> > and install it.
> Indeed.  However disabling secure boot is apparently:
>   * too difficult for users of Fedora
>   * not possible on all platforms (arm based tablets especially)
> and purchasing your own certificate currently means paying $99 to
> Microsoft, or else getting a key from the hardware manufacturer (which I
> very much suspect will not be free either).
> While I would expect the typical FreeBSD user to be quite capable of
> disabling secure boot, I know that this is something that will result in
> realms of questions by new users, alarmist claims that "FreeBSD is not
> secure" and general glee amongst the "FreeBSD is dying" crowd.
> This is just another misconceived DRM scheme and suffers from all the
> same old flaws.
>        Cheers,
>        Matthew
> --
> Dr Matthew J Seaman MA, D.Phil.
> PGP:

Thank you very much .

Mehmet Erol Sanliturk

More information about the freebsd-questions mailing list