Proposed F19 Feature: Package Signature Checking During Installation

Till Maas opensource at till.name
Thu Jan 10 16:56:14 UTC 2013


On Wed, Jan 09, 2013 at 10:09:21AM -0500, Peter Jones wrote:

> As it stands you still need to verify that your netinst.iso (or
> whatever) boot image is what you mean to be using.  There are ways we
> can address that, but it's not the problem I'm trying to solve with this
> particular feature.
> 
> I'm not claiming to solve every integrity or authenticity problem we've
> got.  I'm just making it so that anaconda can verify packages are okay
> to install.  I'm not solving the greater problem of trusting anaconda.
> I've found that it's often useful to work on one engineering problem at
> a time.

But why should anaconda not verify packages if secure boot is disabled?
You need to implement package verification anyhow in anaconda to get
your complete feature to work and this does not have anything to do with
ensuring that anaconda uses the correct key to verify packages. But then
it also does not matter whether you use secure boot to verify the key
(from anaconda's perspective) or trust the user to have verified the key.

Especially since it is required for a user to verify the boot image even
with your feature to be secure, also checking for secure boot does not
seem to provide any benefit.

Regards
Till

