Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
William Brown
william at firstyear.id.au
Fri Jun 1 12:27:26 UTC 2012
> Now a signed bootloader has its uses, however in a properly designed
> system you would allow the user to import their own keys.
The problem with this scheme is that a "trusted" os would in theory,
with the users permission be able to some how update the trusted key
repository on the firmware. Which means the security of your machine is
as good as the security of your firmware / the OS that is "trusted" to
update the keys. Given certain operating systems weak security record in
the past, I would say that doing this would sadly amount to proving no
security benefit at all ;)
--
Sincerely,
William Brown
pgp.mit.edu
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x3C0AC6DAB2F928A2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 945 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120601/a12fbc00/attachment.sig>
More information about the users
mailing list