Chris Adams writes:
Once upon a time, jdow <jdow@xxxxxxxxxxxxx> said: > What does this do to those who must recompile the kernel to include say > special unusual file systems? If this is disallowed it can render access to > historical data on obscure filesystems inaccessible. You can turn off Secure Boot. The Fedora boot loader getting signed just makes it easier for users to install/run Fedora; it does not prevent you from running whatever you want.
I'm starting a betting pool.I don't know when this whole certification process is scheduled to go out the door, but I'm going to start things off by betting 1,000 quatloos that a year after this entire dog-n-pony show gets running, Fedora's bootloader will still not be signed.
I can't even find the words to express how obvious of a train-wreck this is going to be.
Now, even though I have absolutely zero knowledge of the technical details, I'm pretty sure that I do know enough to be absolutely positive and confident that this entire kit-and-kaboodle has no choice but require a closed, hood-welded-shut OS, booted up with a signed chain, in order for it to work.
If you allow a signed bootloader to load an open operating system – any operating system, not just Linux – that makes the entire purpose of a signed bootloader absolutely and totally moot. This is really very fundamental. This is a joke. It's a laughing stock. It doesn't take long to boot a kernel – only a few seconds. Most of the time we spend staring at the Fedora logo is taken up by all the userspace stuff waking up.
So, this laughable signed bootloader protection can now be trivially bypassed by a virus, simply by loading a bare-bones Linux kernel, taking over, getting its hooks in, than simply winding things back, and booting the Microsoft OS, with the luser hardly noticing that anything's wrong.
Splat.Really, Microsoft can't simply be /that/ dumb. They've got smart people over there. They understand this. And if they don't right, they will pretty soon; as soon as the gory details sink in, and they start thinking what the consequences are going to be.
This whole blather about the certification process being just a formality is just a phony facade. It's not going to happen. It's just PR. An open OS defeats the entire purpose of a signed bootloader.
Now, I welcome for anyone to prove me wrong. Please, there just has to be someone on the list, who has more details, and can answer a simple question for me: if the Fedora boot-loader is signed, is it possible to get a Linux kernel loaded, then simply boot back into Windows?
Bueller? Bueller? What a joke.
Attachment:
pgpn2gfY8dBUG.pgp
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
