Yes, it would be more user-friendly to disable secure boot instead of
asking a user to go through the process of importing a new key after
every kernel or driver upgrade. Therefore, I will modify my proposal a
bit and suggest that the menu to disable secure boot should have a new
option to add an exception for the package being installed. The
recommended option could be to disable secure boot, an option to add an
exception could be recommended only for advanced users, and the final
option would be to do nothing at all. This change would allow users to
choose an option that best suits how they wish to use their computer,
but still allow a novice user to select a recommended action and not
deal with being asked to import a new key after upgrades. While a savvy
user could easily do this on their own, it would be nice to have this
functionality streamlined into the distribution.
I do believe there are benefits to using secure boot with any operating
system. Keeping secure boot enabled, even with some exceptions, would
still offer users protection from things like an evil maid attack.
Additionally, people in the GNU/Linux or BSD world should not ignore
secure boot simply because there aren't enough *known* threats to
warrant the extra effort of keeping secure boot enabled. My
recommendation would be to find ways to better implement secure boot
*before* it is needed instead of trying to find ways to keep it enabled
after *known* threats force the adoption of secure boot.
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
