On 12/22/22 15:39, Lennart Poettering wrote:
Well, the thing is: a chain of trust is a*chain*, hence you must
ultimately hook validation to what the firmware provides you with as
root. And that ultimately is the SecureBoot db on commodity hardware.
Well, the thing with a chain of trust is the fact that the only chain
the user can trust is the one that he himself or the host device he owns
and operates generated that trust of chain, from link 0 in that chain. (
And we all know how browsers handle self signed certificates who are no
less secure than those issued )
If the user does not generate or otherwise have control over *all* the
links in the trust chain, that chain cant be considered trusted now can
it, which in turn begs the question why partake in this industry
security theater which may brick or otherwise make the end users life
more miserable or even exclude certain types of devices, if in the end
of the day, the host or the end user is not "secure" for it.
Are those efforts truly for the end user or just to meet some
industry/government requirements ( some governments require backdoor
entrance(s) from vendors for "lawful inspection", backdoor(s) that might
be implement or otherwise supported in the trust chain itself if the
host or user has not full control over that chain ).
JBG