Fun question: has anyone tried secure boot with GuixSD?

Fun question: has anyone tried secure boot with GuixSD?

[ng0]

[-- Attachment #1: Type: text/plain, Size: 1022 bytes --]

Following some interesting points I got during a discussion we had
(offline), I have some questions for multiple projects. One of the
topics is "Secure Boot".

Apparently I missed the point with my hardware and systems where Secure
Boot practically became mandatory and default. Which was a long time
ago as I learned today.

As you know or don't know I'm working towards a system based on GuixSD
where one of its scenarios and configurations is to be used from an USB
disk (think 'TAILS' big sister).
I'm about to ask the secure-os mailinglist about how they handle the
Secure Boot (ie: Microsoft) case with their systems.
For us (as in us->Guix) I pose the questions:
- has someone tried this?
- would it technically be possible given the (un/likely) case we get
  Microsoft to cooperate (leaving aside the techno-ethical points for
  this question)?

-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Fun question: has anyone tried secure boot with GuixSD?

[Adonay Felipe Nogueira]

Thanks for asking others to leave the "Microsoft-phobia" aside. This is
important because we must replace our (organization/brand)-based view
with a per (product/project/model/work)-based view, because exclusively
for-profit organizations aren't always in favor of the free/libre
software movement (according to
[[https://k7r.eu/there-is-no-free-software-company-but/]] and
[[https://media.libreplanet.org/u/libreplanet/m/libreplanet-2016-the-last-lighthouse-3d51/]]).

Before anyone else jumps at us, it's important to note the difference
between "Secure Boot" and "Restricted Boot". Basically, the first one
allows the user himself to manage (add/remove/modify) any keys or trust
levels he wants to, while the second doesn't
([[https://media.libreplanet.org/u/libby/m/embracing-secure-boot-and-rejecting-restricted-boot-matthew-garrett/]]).

-- 
- [[https://libreplanet.org/wiki/User:Adfeno]]
- Palestrante e consultor sobre /software/ livre (não confundir com
  gratis).
- "WhatsApp"? Ele não é livre, por isso não uso. Iguais a ele prefiro
  GNU Ring, ou Tox. Quer outras formas de contato? Adicione o vCard
  que está no endereço acima aos teus contatos.
- Pretende me enviar arquivos .doc, .ppt, .cdr, ou .mp3? OK, eu
  aceito, mas não repasso. Entrego apenas em formatos favoráveis ao
  /software/ livre. Favor entrar em contato em caso de dúvida.