From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1TM162-0001k2-2N
	for mharc-grub-devel@gnu.org; Wed, 10 Oct 2012 14:33:30 -0400
Received: from eggs.gnu.org ([208.118.235.92]:35232)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <prvs=063096ccc7=mjg59@cavan.codon.org.uk>)
	id 1TM15u-0001gp-1p
	for grub-devel@gnu.org; Wed, 10 Oct 2012 14:33:28 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <prvs=063096ccc7=mjg59@cavan.codon.org.uk>)
	id 1TM15s-0004bX-Hk
	for grub-devel@gnu.org; Wed, 10 Oct 2012 14:33:21 -0400
Received: from cavan.codon.org.uk ([93.93.128.6]:55243)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <prvs=063096ccc7=mjg59@cavan.codon.org.uk>)
	id 1TM15s-0004Zl-Bd
	for grub-devel@gnu.org; Wed, 10 Oct 2012 14:33:20 -0400
Received: from mjg59 by cavan.codon.org.uk with local (Exim 4.72)
	(envelope-from <mjg59@cavan.codon.org.uk>) id 1TM15j-00042f-MV
	for grub-devel@gnu.org; Wed, 10 Oct 2012 19:33:11 +0100
Date: Wed, 10 Oct 2012 19:33:11 +0100
From: Matthew Garrett <mjg@redhat.com>
To: grub-devel@gnu.org
Subject: Re: Signature verification in GRUB
Message-ID: <20121010183311.GA15393@srcf.ucam.org>
References: <alpine.DEB.2.02.1210091456130.27430@salmon-of-wisdom>
	<0A339188-C432-43E9-AE19-23713E88A26E@colorremedies.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <0A339188-C432-43E9-AE19-23713E88A26E@colorremedies.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: mjg59@cavan.codon.org.uk
X-SA-Exim-Scanned: No (on cavan.codon.org.uk); SAEximRunCond expanded to false
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
X-Received-From: 93.93.128.6
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Oct 2012 18:33:28 -0000

On Tue, Oct 09, 2012 at 06:32:49PM -0600, Chris Murphy wrote:

> Basically Fedora 18 will be the first Fedora to support UEFI Secure 
> Boot. They are moving to a shim bootloader before GRUB2 because GRUB2 
> is GPLv3 licensed, which requires making signing keys available 
> (Installation Method requirement) so users can still make their own 
> modifications and boot the system with those modifications.

This isn't quite accurate - GPLv3 wasn't an issue, but using shim makes 
it easier to guarantee that users can exercise their freedoms and also 
means we don't have to upload a binary to Microsoft every time we update 
grub.

-- 
Matthew Garrett | mjg59@srcf.ucam.org