On Tue, Nov 06, 2018 at 09:01:23AM +0900, Hideki Yamane wrote: > On Mon, 5 Nov 2018 23:52:35 +0100 > Adam Borowski <kilob...@angband.pl> wrote: > > Another question: do we want it? It's beneficial only if you can not only > > add your own keys but also _remove_ built-in ones, and typical "consumer" > > machines don't allow that. > > I disagree it. With my understand, secure boot support in Debian is we can > install Debian without modifying secureboot option in BIOS.
But only the stock kernel, which turns it non-free software. There's no benefits for us, too -- a thief or attacker can boot/install Windows, read any non-encrypted data, etc. We're better off if we don't support secureboot on such hardware. Debian has enough use share to be named when governments are concerned -- if we start providing "secure"boot enabled kernels, it'd be an easy sell to lock down consumer machines to disallow kernels not blessed by Microsoft's key. Meow. -- ⢀⣴⠾⠻⢶⣦⠀ Have you heard of the Amber Road? For thousands of years, the ⣾⠁⢰⠒⠀⣿⡁ Romans and co valued amber, hauled through the Europe over the ⢿⡄⠘⠷⠚⠋⠀ mountains and along the Vistula, from Gdańsk. To where it came ⠈⠳⣄⠀⠀⠀⠀ together with silk (judging by today's amber stalls).