Proposed F19 Feature: Package Signature Checking During Installation

Tomas Mraz tmraz at redhat.com
Wed Jan 9 14:20:16 UTC 2013


On Wed, 2013-01-09 at 14:15 +0000, Matthew Garrett wrote: 
> On Wed, Jan 09, 2013 at 03:08:51PM +0100, Florian Weimer wrote:
> 
> > I start with the F18 TC3 image, which boots on Secure Boot systems,
> > replace the boot artwork (which is not cryptographically protected),
> > the F18 kernel, and use most of the F19 installation environment.
> > The F18 boot loader and kernel know nothing about image verification
> > or Authenticode-style executable verification, so it will start any
> > init I supply.  This means that I can start a fake anaconda which
> > looks just like F19, but does not verify RPM signatures (as before).
> > At this point, I can put whatever RPMs I want on the installation
> > media, and they will be installed.
> 
> Yes, if you boot an installer that doesn't verify signatures, you won't 
> verify signatures.

But then what's the difference from distrusting the contents of an
installation image booted without SecureBoot in play?

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb


