On 12/22/22 15:39, Lennart Poettering wrote:
Well, the thing with a chain of trust is the fact that the only chain
the user can trust is the one that he himself or the host device he owns
and operates generated that trust of chain, from link 0 in that chain. (
And we all know how browsers handle self signed certificates who are no
less secure than those issued )
If the user does not generate or otherwise have control over *all* the
links in the trust chain, that chain cant be considered trusted now can
it, which in turn begs the question why partake in this industry
security theater which may brick or otherwise make the end users life
more miserable or even exclude certain types of devices, if in the end
of the day, the host or the end user is not "secure" for it.
Are those efforts truly for the end user or just to meet some
industry/government requirements ( some governments require backdoor
entrance(s) from vendors for "lawful inspection", backdoor(s) that might
be implement or otherwise supported in the trust chain itself if the
host or user has not full control over that chain ).
For the vast, vast, vast majority of users a chain of trust that anchors to the device
manufacturer is more than enough, and solves real-world problems with rootkits and such
things. End users have to trust the hardware vendors anyway.
For the tiny minority of use cases where that is not enough (and I'm pretty sure
nobody here is actually interesting enough to fall into that group) rolling your own PK is
always possible.
Seriously, this "debate" is no longer a debate, it's been done and dusted in
the 15 years or so secure boot has been a thing, it's been over for a long while and
it's really time to stop rehashing tired and debunked nonsense. We have more important
things to do.