Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

Mark LaPierre marklapier at aol.com
Sun Jun 3 17:52:15 UTC 2012


On 06/02/2012 04:43 PM, Alan Cox wrote:
>>> The firmware already has this.
>>
>> Yes, now my mental cobwebs are getting cleaned out. I do recall reading
>> about this, a while ago.
>
> Much of it is there for network booting (PXE etc) and in fact a fair bit
> of it is there in the modern old style BIOS too.
>
>>
>>>> Before it boots the OS.
>>>
>>> Fine UEFI is a powerful enough base to be capable of supporting this. I
>>> don't know if anyone has implemented it, but you have a complete chain of
>>> keys to verify the request.
>>
>> Should be interesting to see how the great unwashed will accept waiting 2-3
>> minutes for their PC to boot, while their firmware is trying to grab CRLs
>> over the network.
>
> I think firmware people are smarter than this. However there are a whole
> array of issues with BIOS and other firmware management. For example all
> those wireless cards that need firmware not in RPM format are completely
> outside of RPM package management if the firmware is updated to fix a
> security hole. In the USB case it's probably not a big deal but in the PCI
> case a card with DMA and complex firmware could provide holes.
>
> That's also going to be fun if anyone tries to lock down Fedora. There
> are ways and means but it's pretty ugly trying to sign stuff you can't
> ship but users need to make their box work.
>
>> Should also be interesting to see what happens when you put it behind a
>> proxy that drops the packets on the floor.
>
> I'm not a great fan of the quality of firmware code but give them some
> credit 8).
>
> Alan

Mark's law of corporate governance:
Whatever they do, they will do it to you, not for you.

-- 
     _
    °v°
   /(_)\
    ^ ^  Mark LaPierre
Registered Linux user No #267004
www.counter.li.org