<div dir="ltr">FWIW here at the office we just bought a couple of Asus UN42 "Vivo Mini" computers from Fry's at a ridiculous sale price. They're about 5x1 inches (maybe 4 decks of cards stacked 2 high), 2 GB memory with 32 GB of SSD drive space and a Celeron CPU. They ship with Lose 8 or something. Our Sainted Sysadmin got Debian running on them no problem.<div><br></div><div>-- CHS</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 1, 2016 at 12:24 AM, DJ-Pfulio <span dir="ltr"><<a href="mailto:DJPfulio@jdpfu.com" target="_blank">DJPfulio@jdpfu.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thought UEFI BIOS had a place for a cert that signed the kernels. It is<br>
just that cert is pre-installed from MSFT since that is what most people<br>
use. OTOH, I dunno.<br>
<br>
Read an article that the LF figured out a cross-platform way to NOT use<br>
MSFT certs, but retain the desired boot-chain validation.<br>
<br>
OTOH, I dunno what was actually implemented.<br>
<span class=""><br>
On 01/31/16 22:52, <a href="mailto:damon@damtek.com">damon@damtek.com</a> wrote:<br>
> The below is not true based on what I *think* I know. Sabayon was (they<br>
> claim) the first to boot with a secure image and they do it with a self<br>
> signed cert. Now if hardware MFG don't allow for that, THEN the run of<br>
> the mill distribution will be in trouble. Nothing (directly) to do with<br>
> MS at all. And if windows does not want to dual boot, then don't. Rather<br>
> boot with two SEPARATE disks and use UEFI bios to boot the appropriate OS.<br>
><br>
> --<br>
> Sent from myMail app for Android<br>
><br>
> Damom<br>
><br>
> Saturday, 30 January 2016, 06:55PM -05:00 from Alex Carver<br>
</span>> <<a href="mailto:agcarver%2Bale@acarver.net">agcarver+ale@acarver.net</a> <mailto:<a href="mailto:agcarver%2Bale@acarver.net">agcarver+ale@acarver.net</a>>>:<br>
<div class="HOEnZb"><div class="h5">><br>
> The problem is that Linux Foundation is entirely dependent on<br>
> Microsoft's good graces to sign their bootloader with Microsoft's key.<br>
> Should Microsoft one day decide it has no desire to do that then that<br>
> locks out many systems that did not provide the kill switch for Secure<br>
> Boot or the ability to add personal signing keys.<br>
><br>
><br>
><br>
> On 2016-01-30 15:44, DJ-Pfulio wrote:<br>
> > SecureBoot is recommended for Linux Workstations by the Linux<br>
> > Foundation. It is a good idea for everyone, not just Windows.<br>
> ><br>
> ><br>
> <a href="https://github.com/lfit/itpol/blob/master/linux-workstation-security.md" rel="noreferrer" target="_blank">https://github.com/lfit/itpol/blob/master/linux-workstation-security.md</a><br>
> ><br>
> > Checklist<br>
> > * System supports SecureBoot (ESSENTIAL)<br>
> > * System has no firewire, thunderbolt or ExpressCard ports (NICE)<br>
> > * System has a TPM chip (NICE)<br>
> ><br>
> > So - it appears a $230 Chromebook (1080p screen) meets these conditions.<br>
> > Nice!<br>
> ><br>
> > That doesn't mean those corporate overlords (LF overlords) don't have<br>
> > ulterior motives, but it probably does mean that MSFT isn't the only one.<br>
> ><br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br></div>