On Thu, Jul 05, 2012 at 05:39:07PM -0700, Rick Thomas wrote: > The fundamental problem we must solve is allowing the *user* to > securely choose which OS she wants to install.
No. The user can disable secure boot. > Whether that OS > follows thru and verifies all its parts is between the user and the > person or group who provided the OS (could be the user, herself, of > course!) No, this is not voluntary. If we get a loader signed by an external entity, it have to fulfill the requirements, aka no execution of unsigned code in the kernel. > Would this work? What have I missed? You show a fundamental missinterpretation of the goals of secure boot. I see nothing worth commenting on. Bastian -- The man on tops walks a lonely street; the "chain" of command is often a noose. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120706090215.gb19...@wavehammer.waldi.eu.org