*countable infinities only

Gregory Maxwell gmaxwell at gmail.com
Mon Jun 25 18:48:03 UTC 2012


On Mon, Jun 25, 2012 at 2:37 PM, Chris Murphy <lists at colorremedies.com> wrote:
> I'm reading they're going to use a modified Intel efilinux, not writing a new boot loader. And that they will not require either signed kernel or kernel modules.

That's my understanding.

> So what's the point of Secure Pre-Boot?

Making Ubuntu work on the hardware people have. Which is the
justification given here why Fedora needed to adopt cryptographic
signing of the kernel/drivers/etc.

I think this all would have been a much simpler matter if it wasn't
being described as essential for keeping Fedora operable on the
computers of the common folk.

Of course, users who want more aggressive secureboot would be free to
replace the keys in their system with ones which only sign bootloaders
which are more thoroughly locked down…  but I don't see evidence of
the demand. (can you point to some?)

> I think for at least 9 months now the idea of a strictly pre-boot implementation of Secure Boot is possible, but meaningless to the point of "WTF, why bother?" with the effort required. It's like building a bridge that's 80% complete, and therefore 100% useless.

And the kernel hands off control to an init/systemd which is unsigned—
which can be rooted and exploit a vulnerable kernel to prevent
updates.  It's like building a bridge that is _10%_ complete, and
therefore 100% useless. :)

… the amount of critical userspace code that runs before updates can
be processed is enormous and the kernel and bootloader is just a tiny
fraction of that.  Why not build the 100% bridge that actually
provides a remotely secured platform? Because it's incompatible with
software freedom. Central control is Microsoft's strength, not
Fedora's.
