Is this something we (as consumers of FreeBSD) need to be aware of?

Damien Fleuriot ml at
Wed Jun 6 12:23:25 UTC 2012

On 6/6/12 9:32 AM, Matthew Seaman wrote:
> On 05/06/2012 23:10, Jerry wrote:
>> I thought this URL <> also shown
>> above, answered that question.
> Signing bootloaders and kernels etc. seems superficially like a good
> idea to me.  However, instant reaction is that this is definitely *not*
> something that Microsoft should be in charge of.  Some neutral[*] body
> without any commercial interests should do that job, and
> bootloader/kernel signing should be freely available.
>
> On deeper thought though, the whole idea appears completely unworkable.
> It means that you will not be able to compile your own kernel or
> drivers unless you have access to a signing key.  As building your own
> is pretty fundamental to the FreeBSD project, the logical consequence is
> that FreeBSD source should come with a signing key for anyone to use.
> Which completely abrogates the whole point of signing
> bootloaders/kernels in the first place: anyone wishing to create malware
> would be able to sign whatever they want using such a key.  It's
> DRM-level stupidity all over again.
>
> My conclusion: boycott products, manufacturers and/or OSes that
> participate in this scheme.  FreeBSD alone won't make any real
> difference to manufacturers, but I hope there is still enough of the
> original spirit of freedom within the Linux camp, and perhaps from
> Google/Android to make an impact.
>
> I'm pretty sure there can be a way of whitelisting bootloaders and so
> forth to help prevent low-level malware, but this isn't it.
>
> 	Cheers,
> 	Matthew
>
> [*] I suggest ICANN might be the right sort of organization to fulfil
> this role.

I agree with the whole post except that last bit about ICANN, Matthew.

The US already has enough dominance as is, without involving ICANN, a
supposedly neutral body (yeah right...) any further.

More information about the freebsd-questions mailing list