Thibault Nélis writes:
Yes, I think that would qualify.No it isn't necessary. You're looking at it the wrong way; basically only the things able to boot kernels and kernels themselves have to be signed and trusted to ensure the integrity of the kernels.
Who gets to make a call what is "trusted", and what even "trusted" means.Can I recompile my own kernel, sprinkle some magic dust over it, and make "trusted", without involving any other party?
Technically this delegates trust just as a certificate would (implicitly this is sort of like a certificate since all packages, including the shim, are signed by Fedora release keys), so the ability for Microsoft to review
Again, you are assuming that Microsoft will sign off on the concept of signing a shim, and going forward, it's the wild-wild West.
Not going to happen.
And, grub can boot an arbitrary Linux kernel, right? So, a virus that wants to compromise a signed, secure bootload chain, can't it simply install Fedora's signed grub, configured to boot a bare-bones Linux kernel, nothing will prevent that, right?Fedora's signed shim bootloader will check the integrity of GRUB2. GRUB2 itself will check the integrity of the kernel.
And the kernel will check the signature of every module?And you will not be able to compile your own kernels, and install them, right?
And, Fedora can load any kernel module, right? Hence, load the virus code onto "bare metal", right?The kernel will check the integrity of the modules.
Thought so.
BTW, if you're wondering about loading your own modules or building your own kernel, it wouldn't make sense to ask Fedora to trust your piece of software,
No, it wouldn't. Why the frak should I ask anyone for permission to run my own software on my own computer? Can you explain that concept to me?
since it would have nothing to do with Fedora and won't even be in their repos.
Nobody said that it would.
So you have to do the logical thing, generate a personal key and sign your own stuff with it.
But I can't do that. Only Fedora key's signed stuff will run.And, if an individual can get a signed key, just for asking, for their own stuff, so can an upper Moldovian, in order to right the next release of Stuxnet, that's going to get bootstraped off Fedora.
You're living in a fantasy land.
If the modules you want are of enough value for all Fedora users, you can ask the kernel maintainers (I guess) to review them, sign them and bundle them in the Fedora repositories. This feels natural.
I don't give a frak about that. I just want to run my own stuff, without anyone else sticking their nose in my personal business. Is that too much to ask?
Attachment:
pgpiXCcaQxfZA.pgp
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
