*countable infinities only

Jon Ciesla limburgher at gmail.com
Thu May 31 17:48:30 UTC 2012


On Thu, May 31, 2012 at 12:42 PM, Gerry Reno <greno at verizon.net> wrote:
> On 05/31/2012 01:34 PM, Jon Ciesla wrote:
>> On Thu, May 31, 2012 at 12:22 PM, Gerry Reno <greno at verizon.net> wrote:
>>> On 05/31/2012 01:19 PM, Jon Ciesla wrote:
>>>> On Thu, May 31, 2012 at 12:16 PM, Gerry Reno <greno at verizon.net> wrote:
>>>>> On 05/31/2012 01:10 PM, Gregory Maxwell wrote:
>>>>>> On Thu, May 31, 2012 at 1:07 PM, Gerry Reno <greno at verizon.net> wrote:
>>>>>>> Could be any of a thousand ways to implement this.
>>>>>>> Maybe it checks the BIOS to determine whether some SecureBoot flag is set.
>>>>>> While it pains me to argue with someone on my side— you're incorrect.
>>>>>> The compromised system would just intercept and emulate or patch out that test.
>>>>> Then what's missing here is a way for booted OSes to test themselves for integrity.
>>>> Maybe some sort of cryptographic signature stored in the hardware?
>>>>
>>>> <ducks>
>>>>
>>>> -J
>>>>
>>>> </sarcasm>
>>>>
>>> Just not dictated by one monopoly.
>> Ideally, no.  But you see the problem.  I'm divided on the solution
>> myself, but I've yet to see one I feel better about.
>>
>> -J
>>
>>
>
> This game of cat and mouse with the blackhats is not going to end until we have some type of read-only partitions where
> known good code resides.

We have that, ISO9660.  Known good == known good to whom?

-J

> And the user must hit a hardware button to enable read-write to change anything there.
>
> We just keep pushing these blackhats to different layers.  Next they'll be flashing our BIOSes and eliminating all
> protections SecureBoot and otherwise.
>
> .
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel



-- 
http://cecinestpasunefromage.wordpress.com/
------------------------------------------------
in your fear, seek only peace
in your fear, seek only love

-d. bowie

