Some irresponsible bloggers have been commenting about Matthew’s fork of Linux:
https://firmwaresecurity.com/2015/10/06/matthew-garretts-new-linux-fork/
https://firmwaresecurity.com/2015/10/07/mjg-on-linux-securelevel/
ZDNet has a story with comments from Matthew explaining things:
“I wouldn’t say I’m forking. I’d say that I’m doing my own development work away from LKML. Right now it’s got the securelevel work in it because that’s the only code I have that I feel is ready for public use, but it’ll pick up other bits of code that I’m working on as they become mature.”
http://www.zdnet.com/article/matthew-garrett-is-not-forking-linux/
I guess I look at Matthew’s fork is like the GRSecurity patch for Linux kernel: Matthew’s got the patchset that enables UEFI Secure Boot to be secure on Linux. I hope Tails, Qubes, and other security-minded distros use Matthew’s kernel, at least in builds for UEFI-based systems.
[One of the causes of the above issue is Linus having to deal with Microsoft as a CA. UEFI Forum could also deal with this by putting in place a CA that is not an OSV/OEM. OEMs could be making Linux-friendly sytsems, not just Windows- or Chrome boxes, where Linux is an afterthought second install, which is a lot harder to do with UEFI/Windows Secure Boot — and even Chrome Verified Boot. Linux Foundation could also be helping, by working with OEMs.]
Firmware Security 