*countable infinities only

Gregory Maxwell gmaxwell at gmail.com
Mon Jun 25 19:38:32 UTC 2012


On Mon, Jun 25, 2012 at 3:28 PM, Chris Murphy <lists at colorremedies.com> wrote:
> That does not answer the question. Ubuntu would work on Secure Boot hardware if they recommended users disable Secure Boot. So why not recommend that, and not support Secure Boot at all?

I advocated that. It was argued here that this would be an enormous
barrier to usability because common users couldn't figure out how to
do that, doubly so because there would be no consistency in the fancy
GUI UEFI interfaces, and asking people to disable "security" is likely
to scare them even if we could manage good instructions.

It was also pointed out that some hardware in the future may not allow it.

> So you have located a vulnerability in SELinux or systemd? And you have an exploit example?

Absent those vulnerabilities you don't need secureboot at all.  Just
use SELinux to prevent the userspace from changing the boot
environment. The signing only helps if the discretionary access control
is already compromised— it helps you get the horse back in the barn,
but only if enough of the system is protected by it.  In Fedora the
kernel+bootloader isn't enough.  It's a strict subset it helps with.
... I expect this is part of the reason that we've seen no one
requesting this functionality.

Can you point me to a bugzilla entry or even a mailing list post on a
compromise this actually would have blocked, preferably one that
couldn't have been closed without complicating replacing the kernel?

> I observe that this sequence is extremely low signal to noise, poor rationale, and high on derangement.

Derangement. Hm.  Could you actually _feel_ the excellence flowing
through your fingertips as you typed out this message?

