Re: [SCIENTIFIC-LINUX-USERS] Installing on a new laptop
On Sat, Mar 2, 2013 at 11:09 PM, jdow j...@earthlink.net wrote: On 2013/03/02 15:18, Tom H wrote: On Fri, Mar 1, 2013 at 11:15 PM, jdow j...@earthlink.net wrote: On 2013/03/01 09:26, Tom H wrote: On Thu, Feb 28, 2013 at 7:08 PM, jdow j...@earthlink.net wrote: On 2013/02/28 11:56, Tom H wrote: On Thu, Feb 28, 2013 at 2:38 PM, Robert Blair r...@anl.gov wrote: On 02/28/2013 01:35 PM, Tom H wrote: I wouldn't be surprised if SB became un-disable-able in the next few years. We'd then have to use an MS-signed shim to boot, as is now the case with the default Fedora and Ubuntu SB setups. Maybe I've missed something here. If a generic MS signed shim is available what value does this add? Wouldn't such a shim make booting anything alternative possible? I'm sorry. It's not as generic as I made it look. AIUI, the shim is a basic stage 1 (or maybe stage 0.5) bootloader whose signature's validated against an MS key in the computer's ROM. Grub and the kernel (and its modules in Fedora's case but not in Ubuntu's) are then validated against a Fedora key in the shim. Which is the end of compiling your own code. You mean compiling your own kernel without spending a one-time fee of USD 99. A difference which makes no practical difference is no difference at all. Of course there's a difference. It's grub and the kernel and its modules that you can't compile without signing. You missed the point, Tom. To a retired person a $100 bill is a serious amount of eating that has to be traded off with it. If that cannot be afforded without sacrifice then it might as well not exist as an option. That is the difference that makes no practical difference. The Microsoft extension to the issue is essentially the locked cellphone situation under which I could not code up any new assistive technology for myself and use it. It becomes me paying to have Microsoft own my device. And I'd have to pay them to use my own work on a machine I have every right to regard as my own machine. If Linux is going to systematically support that kind of a model in any way, I'm outahere. You're outahere to where?! As long as you can turn off SB, you're OK using whatever you want to use. If we get to a point where we can't turn off SB on x86, you'll have to use a non-x86, non-ARM processor. I didn't consider the USD 99 because I didn't think it relevant. Compiling your own SB-compatible kernel's a luxury. Your computer isn't non-functional without doing so. Anyway, I found out today that my SB knowledge's out of date. The shim now supports MOKs (Machine Owner Keys) and is distributed with a MokManager program. So you can generate keys with openssl, sign your EFI binaries with them, and enroll your MOK certificate with MokManager.
Re: [SCIENTIFIC-LINUX-USERS] Installing on a new laptop
On 03/02/2013 08:09 PM, jdow wrote:
On 2013/03/02 15:18, Tom H wrote:
On Fri, Mar 1, 2013 at 11:15 PM, jdow j...@earthlink.net wrote:
On 2013/03/01 09:26, Tom H wrote:
On Thu, Feb 28, 2013 at 7:08 PM, jdow j...@earthlink.net wrote:
On 2013/02/28 11:56, Tom H wrote:
On Thu, Feb 28, 2013 at 2:38 PM, Robert Blair r...@anl.gov wrote:
On 02/28/2013 01:35 PM, Tom H wrote:
I wouldn't be surprised if SB became un-disable-able in the next
few years. We'd then have to use an MS-signed shim to boot, as is
now the case with the default Fedora and Ubuntu SB setups.
Maybe I've missed something here. If a generic MS signed shim is
available what value does this add? Wouldn't such a shim make
booting
anything alternative possible?
I'm sorry. It's not as generic as I made it look. AIUI, the shim is a
basic stage 1 (or maybe stage 0.5) bootloader whose signature's
validated against an MS key in the computer's ROM. Grub and the
kernel
(and its modules in Fedora's case but not in Ubuntu's) are then
validated against a Fedora key in the shim.
Which is the end of compiling your own code.
You mean compiling your own kernel without spending a one-time fee
of USD
99.
A difference which makes no practical difference is no difference at
all.
Of course there's a difference. It's grub and the kernel and its
modules that you can't compile without signing.
You missed the point, Tom. To a retired person a $100 bill is a serious
amount of eating that has to be traded off with it. If that cannot be
afforded without sacrifice then it might as well not exist as an option.
That is the difference that makes no practical difference.
The Microsoft extension to the issue is essentially the locked cellphone
situation under which I could not code up any new assistive technology
for myself and use it. It becomes me paying to have Microsoft own my
device. And I'd have to pay them to use my own work on a machine I have
every right to regard as my own machine.
If Linux is going to systematically support that kind of a model in any
way, I'm outahere.
{^_^}
Linux or any open systems approach is not the issue. Microsoft is a
monopoly and has been able to impose this upon the hardware vendors or
it will not allow the vendors to offer MS Win 8. Unfortunately, the
market will not be able to affect any change within any reasonable time
interval unless Microsoft removes this restrictive covenant -- which is
not likely as Microsoft has imposed this approach for maintaining the
monopoly. The only choice, libertarianism aside, is for governments to
intervene, just as MS Win had to be offered to consumers with a
different footprint in the EU compared to the USA (both had found
Microsoft to be a monopoly, but the USA put no effective remedy into
place). Note that the imposed change has little if any effect upon
security -- but might prevent unlicensed (pirated) copies of MS Win 8
from booting. I presume that the PRC internally will break this
imposition -- but I doubt that such PRC machines will either be common
or desireable (except within the PRC where solution will be imposed).
