Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
Sam Varshavchik
mrsam at courier-mta.com
Fri Jun 1 02:18:25 UTC 2012
Chris Adams writes:
> Once upon a time, jdow <jdow at earthlink.net> said:
> > What does this do to those who must recompile the kernel to include say
> > special unusual file systems? If this is disallowed it can render access to
> > historical data on obscure filesystems inaccessible.
>
> You can turn off Secure Boot. The Fedora boot loader getting signed
> just makes it easier for users to install/run Fedora; it does not
> prevent you from running whatever you want.
I'm starting a betting pool.
I don't know when this whole certification process is scheduled to go out
the door, but I'm going to start things off by betting 1,000 quatloos that a
year after this entire dog-n-pony show gets running, Fedora's bootloader
will still not be signed.
I can't even find the words to express how obvious of a train-wreck this is
going to be.
Now, even though I have absolutely zero knowledge of the technical details,
I'm pretty sure that I do know enough to be absolutely positive and
confident that this entire kit-and-kaboodle has no choice but require a
closed, hood-welded-shut OS, booted up with a signed chain, in order for it
to work.
If you allow a signed bootloader to load an open operating system – any
operating system, not just Linux – that makes the entire purpose of a
signed bootloader absolutely and totally moot. This is really very
fundamental. This is a joke. It's a laughing stock. It doesn't take long to
boot a kernel – only a few seconds. Most of the time we spend staring at
the Fedora logo is taken up by all the userspace stuff waking up.
So, this laughable signed bootloader protection can now be trivially
bypassed by a virus, simply by loading a bare-bones Linux kernel, taking
over, getting its hooks in, than simply winding things back, and booting the
Microsoft OS, with the luser hardly noticing that anything's wrong.
Splat.
Really, Microsoft can't simply be /that/ dumb. They've got smart people over
there. They understand this. And if they don't right, they will pretty soon;
as soon as the gory details sink in, and they start thinking what the
consequences are going to be.
This whole blather about the certification process being just a formality is
just a phony facade. It's not going to happen. It's just PR. An open OS
defeats the entire purpose of a signed bootloader.
Now, I welcome for anyone to prove me wrong. Please, there just has to be
someone on the list, who has more details, and can answer a simple question
for me: if the Fedora boot-loader is signed, is it possible to get a Linux
kernel loaded, then simply boot back into Windows?
Bueller?
Bueller?
What a joke.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120531/4378c2aa/attachment-0001.sig>
More information about the users
mailing list