On 1/06/12 13:04, Sam Varshavchik wrote:
> Edward M writes:
>
>> On 05/31/2012 07:18 PM, Sam Varshavchik wrote:
>>
>>> positive and confident that this entire kit-and-kaboodle has no
>>> choice but require a closed, hood-welded-shut OS, booted up with a
>>> signed chain, in order for it to work.
>>
>> Oracle Solaris?
>
> Yes, I think that would qualify.
>
> I would truly like for someone who is a lot more knowledgeable than me,
> in this area, to answer the following short list of simple questions for
> me. Please, I'm desperate to know the answers to the following. Someone,
> please have pity on me. I'm just feeling particularly stupid today, so
> someone needs to patiently explain this to me:
>
> We're told that Fedora's bootloader is going to get signed – and by
> that, that must mean "grub", right?
>
> And, grub can boot an arbitrary Linux kernel, right?
>
> So, a virus that wants to compromise a signed, secure bootload chain,
> can't it simply install Fedora's signed grub, configured to boot a
> bare-bones Linux kernel, nothing will prevent that, right?
>
> And, Fedora can load any kernel module, right? Hence, load the virus
> code onto "bare metal", right?
>
> Then, can't the loaded virus code simply reboot back into the original,
> Windows bootloader, that's now infected, and simply do what the virus
> would've done originally, in the absence of a signed bootloader, right?
>
> If so, then what the FSCK did having an option for a signed bootloader
> accomplish, here???

Fedora will be creating a small stage 1 loader. This will be signed by the
MS keys, and will itself contain Fedora keys. These Fedora keys will be
used to verify the second stage, which will be grub(2). Grub(2) will also
contain keys to check that the kernel is signed, and the kernel will also
contain keys to check that modules that are loaded are signed. I would say
that Fedora will keep these keys private, as it keeps its GPG signing keys.

Thus you can't simply "download this loader" and put in a different
kernel, or malware - Grub2 will in this scheme also force signatures of
kernels that come from the Fedora project. When Secure EFI is disabled in
the firmware, I believe that these checks will all be disabled.
Alternately, the build scripts will all likely be open, so you can create
your own keys, and pay MS the $99 to create your own stage 1, that
verifies your grub etc etc. However, MS may arbitrarily reject you.

> I don't have any answers to these questions (like I said, I'm feeling a
> bit stupid today), but I do know one thing for sure. If everything that
> what's been publicly said on this subject, so far, is true, then:
>
> Someone around here is a bloomin' idiot of the first degree. An
> absolute, total, clueless moron. Complete, and total, brain damage. That
> could be either myself – a possibility that I am perfectly willing to
> admit – or Microsoft; or whoever's pushing this.

Well yes. In this case it appears to be either attempting to lock out
firmware based malware - or just making the platform more controlled.
Your call on how you interpret this.

-- 
Sincerely,

William Brown

pgp.mit.edu
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x3C0AC6DAB2F928A2
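The chain William describes (MS-signed stage 1 embedding a Fedora key, grub2 embedding a kernel key, the kernel embedding a module key) and the attack Sam asks about (keep the signed loader, swap in an arbitrary kernel) can be walked through in a small model. This is an added example, not code from the thread, from shim, grub2 or Fedora: it uses Ed25519 in place of the X.509/Authenticode signatures real UEFI firmware checks, the stage names and key roles are hypothetical, and each stage's embedded key is covered by the signature over that stage so it cannot be swapped without breaking verification. It also shows the case William predicts where Secure Boot is disabled and nothing is checked.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage models one link of the boot chain: the component's image, a
// signature over it, and the public key it embeds for checking the next
// link (stage 1 embeds a Fedora key, grub2 a kernel-signing key, the
// kernel a module-signing key). All names and keys here are hypothetical.
type Stage struct {
	Name    string
	Image   []byte
	NextKey ed25519.PublicKey // nil for the last link
	Sig     []byte
}

// stageDigest binds name, image and the embedded key into the signed blob,
// so an attacker cannot keep a valid signature while swapping the key.
func stageDigest(name string, image []byte, nextKey ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write(image)
	h.Write(nextKey)
	return h.Sum(nil)
}

// SignStage produces a stage signed with the issuer's private key.
func SignStage(issuer ed25519.PrivateKey, name string, image []byte, nextKey ed25519.PublicKey) *Stage {
	d := stageDigest(name, image, nextKey)
	return &Stage{Name: name, Image: image, NextKey: nextKey, Sig: ed25519.Sign(issuer, d)}
}

// Boot walks the chain. The firmware checks the first stage against the
// platform key in its signature database (the MS key in the thread); each
// later stage is checked with the key embedded in the stage that loads it.
// With Secure Boot off every stage loads unchecked. Returns what loaded.
func Boot(platformKey ed25519.PublicKey, secureBoot bool, chain []*Stage) ([]string, error) {
	var loaded []string
	verifier := platformKey
	for _, st := range chain {
		if secureBoot {
			if verifier == nil || !ed25519.Verify(verifier, stageDigest(st.Name, st.Image, st.NextKey), st.Sig) {
				return loaded, fmt.Errorf("%s: signature does not verify, refusing to load", st.Name)
			}
		}
		loaded = append(loaded, st.Name)
		verifier = st.NextKey
	}
	return loaded, nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Scenario builds the honest chain from the reply, then Sam's attack: keep
// the signed stage 1 and grub2 but hand grub2 a kernel the attacker built
// and signed with his own key. The third run repeats the attack with
// Secure Boot disabled in firmware.
func Scenario() (honest []string, honestErr error, swapped []string, swappedErr error, insecure []string) {
	platformPub, platformPriv := mustKey() // hypothetical MS / platform key
	fedoraPub, fedoraPriv := mustKey()     // Fedora key embedded in stage 1
	kernelPub, kernelPriv := mustKey()     // kernel-signing key embedded in grub2
	modulePub, modulePriv := mustKey()     // module-signing key embedded in the kernel
	attackerPub, attackerPriv := mustKey() // attacker's key, unknown to the chain

	stage1 := SignStage(platformPriv, "stage1", []byte("constructed stage 1 image"), fedoraPub)
	grub := SignStage(fedoraPriv, "grub2", []byte("constructed grub2 image"), kernelPub)
	kernel := SignStage(kernelPriv, "kernel", []byte("constructed vmlinuz"), modulePub)
	module := SignStage(modulePriv, "module", []byte("constructed driver.ko"), nil)
	honest, honestErr = Boot(platformPub, true, []*Stage{stage1, grub, kernel, module})

	evilKernel := SignStage(attackerPriv, "kernel", []byte("bare-bones attacker vmlinuz"), attackerPub)
	evilModule := SignStage(attackerPriv, "module", []byte("virus.ko"), nil)
	swapped, swappedErr = Boot(platformPub, true, []*Stage{stage1, grub, evilKernel, evilModule})
	insecure, _ = Boot(platformPub, false, []*Stage{stage1, grub, evilKernel, evilModule})
	return
}

func main() {
	honest, hErr, swapped, sErr, insecure := Scenario()
	fmt.Println("honest chain:", honest, hErr)
	fmt.Println("swapped kernel:", swapped, sErr)
	fmt.Println("secure boot off:", insecure)
}
```

The second run stops at grub2: stage 1 and grub2 verify because they are untouched, but grub2 only holds the kernel-signing key, so the attacker's kernel never loads. The third run loads everything, which is the point William makes about the checks going away when Secure Boot is turned off in firmware.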
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org