What?? Do you expect truth and information to be visible in this threads? So naive of you :)

I kinda agree, but from some answers here I'm starting to think that what should've been there from the beginning isn't a shim, but an alternate root signer / signing infrastructure not controlled by Microsoft. Some key Linux players were offered the chance to maintain this, but they declined. The technology launched with just one signer, and thus this confusion began, where everyone and their dog think that because every x86 mobo comes with MS keys, and the only signer is MS, then UEFI == MS. Which is not.

If the EFF/FSF/LF or for the matter (least preferably) Red Hat or Canonical would support a keysigning infrastructure, things would be more balanced, but they would have to divert their resources to do that, and be accountable for the binaries they sign. Instead they willingly choose to let Microsoft to be the one signer around.

Regarding ARM, it sucks, but it's exactly the same any other ARM player has done, and subject to the same circumstances.

You better stay duck until you learn a bit more. Lots of admins use sudo, and "sudo su" isn't an ubuntuism, it is a retardism.

No you don't understand. Microsoft isn't administering UEFI, they happen to be the only root signer *for now* because for some reason Red Hat and other who were offered to be root signers too *declined the offer*. So do everyone a favor and please inform yourself before posting, particularly before posting that you are informed.

Frontpage slashdot story with a 10 GOTO 10 and saying it's not a loop?

Dudes, just what the fuck. I ask you that.

If what you say is true, it would certainly complete the picture.

It still wouldn't mean the certification is not retarded, but it would certainly show the real direction for the FLOSS communities to push for. I began instinctively taking UEFI / SB as something "bad / anti freedom" mainly because of how it was tainted by Microsoft being the only root signer available at the launch of the technology, their certification program, and the inexcusable fact that they forbid disabling SB / managing keys in the ARM platform. But also, and not the least because I completely ignored how the technology works and the background (like BMO and such show clearly here).

There's huge amounts of misinformation, as we can see in this very same thread, where sensationalistic posts like "FUCK UEFI" get all the eyes and everyone goes idiotic "ZOMG DIE MS SHILL" at the slightest attempt of analysis and information gathering that is the basis for any real solution.

All this current whinning crap won't help us to get anywhere, apart from one or two assholes thinking for a day they are raising the glorious flag of freedom. It is imperative that we start educating ourselves and reach consensus towards more robust solutions; IMO this shim is good, for now, as a temporary one. I long for a more robust and permanent solution which I now begin to think could be, like you say, in the form of a signing infrastructure maintained by some big FLOSS player, like EFF/FSF/LF, and with acceptance by the OEMs and manufacturers.

No, no, no. You got it wrong.

I hate this whole kerfuffle as much as everybody, but the part about not being able to load self signed keys isn't correct. You can load self-signed keys into the UEFI boot key-store right from the UEFI UI. Of course that will prevent Windows 8+ from booting, but that's another story. You can disable it altogether, with the same result.

So you can either disable secure boot or have your own chain of trust separated from Microsoft and boot other OSes. BUT if you want to boot Windows 8+ you have to enable it and use Microsoft's chain of trust, and is in THAT case, when you want to also boot other OSes you must have the other OSes bootloaders signed by Microsoft.

This shim bootloader represents a convenience to the users of that specific case (which indeed is the most common one). They have a "generic" Microsoft-signed bootloader along with some tools to extend a chain of trust from that bootloader to another one, and this second one won't have to get through the dreaded certification process (which indeed forces you to use Windows).

The problem here is NOT UEFI / SECURE BOOT. The problem is MICROSOFT CERTIFICATION PROGRAM. That's where they boicott the whole industry, and where they should be given a fight. That stupid certification process they combined with a twisted use of the new capabilities of UEFI. Make no mistakes, shouldn't UEFI exist today, they would still be looking for ways to exploit their certification program to make manufacturers do anything they want, just so they can bless them with being "Win compatible". THAT is the great lie right there, by which they have the industry inexplicably grabbed by the balls.

The solution of course would be everyone giving the finger to Microsoft on their fucking certification program, and a more open competition would arise. I very much want to see how long they last on that environment.

What better incentive than that?

That applies to me and to you too. Does that mean I won't try to survive, or expect you won't? Nope. Does that mean that me or you dying "is a disaster" because a human life is lost? Also nope, for fucks sake.

Human life is overrated.

Ironically, here in /. "cloud" does even have a category of its own :-|

C'mon... are you really implying that lies and deceit aren't built-in to the game in the US ?

I know, and it's patented too.