Regarding Signing Linux kernel with Microsoft secure boot keys for UEFI

[Ewan Marshall]

On 08/07/2018 06:51, inventsekar wrote:
> Thx for the reply...
> I got it... Its not a youtube video i was refering...
> I was asking about this...
> 
> https://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/
> 
> I read this page few times but I am unable to understand what's Linus's 
> idea..Why he disagree ...
> whether the Linux kernel should include code that makes it easier to 
> boot Linux on Windows PCs. This goes back to Microsoft requiring 
> <http://arstechnica.com/information-technology/2012/01/windows-8s-locked-bootloaders-much-ado-about-nothing-or-the-end-of-the-world-as-we-know-it/> that 
> PCs designed to run Windows 8 use UEFI firmware with the Secure Boot 
> feature enabled
> 
> On Sun 8 Jul, 2018, 11:16 AM Jeffrey Walton, <noloader at gmail.com 
> <mailto:noloader at gmail.com>> wrote:
> 
>     On Sun, Jul 8, 2018 at 1:17 AM, inventsekar <inventsekar at gmail.com
>     <mailto:inventsekar at gmail.com>> wrote:
>      > ...
>      > I am not sure if its a bad question... (i thought for few days
>     about "can i
>      > ask this or not")
>      >
>      > If its a bad question, please accept la apologizes.. if admins
>     wishes, this
>      > three email can/should be deleted.
> 
>     My guess is, no one bothered watching the youtube video. But it is
>     just speculation on my part.
> 
>     Maybe you can list the items you would like explained.
> 
>     Jeff

There are major security issues with the trust of the embedded key, if 
the private key part of that key gets compromised, there is no coming 
back. Also, why should Canonical trust Redhat's key, or Novell (SUSE), 
maybe the debian devs. It is a very very bad idea to have a PE binary 
which contains a redhat public key that is microsoft signed. This 
request is suggesting embedding 2 proprietary things into the Linux 
Kernel just so microsoft can control the x86 market.

Ewan