*countable infinities only

Adam Williamson awilliam at redhat.com
Fri Jun 1 19:22:44 UTC 2012

On Fri, 2012-06-01 at 15:14 -0400, Gerry Reno wrote:
> I just read through the MS docs on SecureBoot and this is the biggest Rube-Goldberg machine.
> I could not think of a nastier solution to a problem than what they've dreamt up here.
> The whole problem they are trying to solve is that of booting only known-good code.
> That would be much easier accomplished by having the OS reside on a read-only device that could only be written to by
> the user actively using hardware to enable the write during installation.
> That would create a system where there was no possible programmatic means of corrupting the OS during normal operation.
> No signatures, no crypto-databases, or other SecureBoot gobbledy-gook needed.
> To implement this would require only that new systems support two drives, one with controllable-by-user
> read-write-controller interface for storing the OS. 
> Forensic firms have been using these types of read-write controllable drive interfaces for years.  Hardware already exists.

What is your practical point?

Unless you have a time machine in your back pocket, and a 2x4 with a
rusty nail in it which we can use on the assemblage of people and
companies which have _already decided_ to go ahead with Secure Boot,
proposing systems you think are better is all fine and dandy but
completely and utterly fucking pointless.

Your position is approximately that of a person looking up at the Empire
State Building at a 75% complete stage and saying 'well, they should
have built it THIS way'. Maybe they should. But what are you expecting
to achieve? They're not going to take it down and start over.
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora

More information about the devel mailing list