Is this something we (as consumers of FreeBSD) need to be aware
of?
Mehmet Erol Sanliturk
m.e.sanliturk at gmail.com
Wed Jun 6 09:46:39 UTC 2012
On Wed, Jun 6, 2012 at 2:38 AM, Matthew Seaman <matthew at freebsd.org> wrote:
> On 06/06/2012 09:45, Bruce Cran wrote:
> > On 06/06/2012 08:32, Matthew Seaman wrote:
> >> On deeper thought though, the whole idea appears completely unworkable.
> >> It means that you will not be able to compile your own kernel or
> >> drivers unless you have access to a signing key. As building your own
> >> is pretty fundamental to the FreeBSD project, the logical consequence is
> >> that FreeBSD source should come with a signing key for anyone to use.
>
> > It just means that anyone wishing to run their own kernels would either
> > need to disable secure boot, or purchase/create their own certificate
> > and install it.
>
> Indeed. However disabling secure boot is apparently:
>
> * too difficult for users of Fedora
>
> * not possible on all platforms (arm based tablets especially)
>
> and purchasing your own certificate currently means paying $99 to
> Microsoft, or else getting a key from the hardware manufacturer (which I
> very much suspect will not be free either).
>
> While I would expect the typical FreeBSD user to be quite capable of
> disabling secure boot, I know that this is something that will result in
> realms of questions by new users, alarmist claims that "FreeBSD is not
> secure" and general glee amongst the "FreeBSD is dying" crowd.
>
> This is just another misconceived DRM scheme and suffers from all the
> same old flaws.
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.
> PGP: http://www.infracaninophile.co.uk/pgpkey
>
>
>
http://www.infoworld.com/t/hacking/tech-behind-flame-attack-could-compromise-microsoft-update-194867
Thank you very much .
Mehmet Erol Sanliturk
More information about the freebsd-questions
mailing list