Re: Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

On 06/01/2012 01:18 PM, Sam Varshavchik wrote:
Who gets to make a call what is "trusted", and what even "trusted" means.

Can I recompile my own kernel, sprinkle some magic dust over it, and
make "trusted", without involving any other party?

Yes, you can sign it yourself, with your own key.

Again, you are assuming that Microsoft will sign off on the concept of
signing a shim, and going forward, it's the wild-wild West.

Not going to happen.

Well why wouldn't they? The alternative is a boot loader for which a review would make sense. Great, but now the boot loader runs a kernel which hasn't been reviewed by Microsoft. Should they review the kernel as well? It's impossible.

At some point, they have to trust the people developing the software, and not the software itself. In essence, the shim is like a certificate (since it's signed by Fedora implicitly via the package management system).

BTW, if you're wondering about loading your own modules or building
your own kernel, it wouldn't make sense to ask Fedora to trust your
piece of software,

No, it wouldn't. Why the frak should I ask anyone for permission to run
my own software on my own computer? Can you explain that concept to me?

Well, we agree, so just sign it yourself, there's no problem here.

since it would have nothing to do with Fedora and won't even be in
their repos.

Nobody said that it would.

So you have to do the logical thing, generate a personal key and sign
your own stuff with it.

But I can't do that. Only Fedora key's signed stuff will run.

Yes you can. You have to go up the chain. The top is the firmware, where you'll put your key, then sign your own shim with it. The actual boot loader will then be yours to choose, and you'll make it load your own kernel. Etc.

And, if an individual can get a signed key, just for asking, for their
own stuff, so can an upper Moldovan, in order to write the next release
of Stuxnet, that's going to get bootstrapped off Fedora.

You're living in a fantasy land.

Not quite. They would have to ask (a) the OEMs directly, (b) trust brokers that the OEMs trust.

OEMs won't care about individuals, they can't possibly do, so they will refuse all requests.

For now, the only trust broker is Microsoft (actually, we now know that Verisign is somehow involved since they will receive the payments; and they are arguably less biased). Microsoft/Verisign currently ask $100 for the signatures. Every time an attacker's malware is detected and blacklisted, it would have to pay $100 to a trust broker to get a new signature.

Now, I agree that it isn't much for certain botmasters, but at least Verisign probably won't allow shady payments, and hiding the financial trail of an electronic transaction with the payment methods Verisign uses is increasingly difficult. Also, I guess Microsoft/Verisign will ask for at least a little bit of information before signing, so you'd have to come up with a believable story every time, possibly with something to back it up. This will discourage a lot of attackers, and will slow down the spread of malware significantly. That's the plan anyway, and until now it's pretty sound.

Or, an attacker could walk you through the steps to install their key on your firmware. For certain targets, I believe they'd be better off paying Verisign rather than their phone bill. ;)

If the modules you want are of enough value for all Fedora users, you
can ask the kernel maintainers (I guess) to review them, sign them and
bundle them in the Fedora repositories. This feels natural.

I don't give a frak about that. I just want to run my own stuff, without
anyone else sticking their nose in my personal business. Is that too
much to ask?

As I said already, just sign it yourself, which is only natural since you wouldn't be running Fedora software anymore, but your own little derivative of Fedora.

You should cool down, BTW. That's just the slashdot effect, everyone suddenly likes to hate and revolution sounds cooler than ever, but it will pass.
--
t
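
Added example, not part of the original message: a constructed shell model of the "go up the chain" point above, in which a binary signed with a personal key is refused while only a vendor certificate is trusted, and accepted once the owner's certificate is added to the trusted set. Plain openssl detached signatures stand in for the Authenticode signatures real UEFI images carry, and the names vendor, owner and shim.efi are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Constructed model of the trust chain discussed in the thread.
# Real UEFI images carry Authenticode signatures and the trusted
# certificates live in firmware; openssl files stand in for both here.
WORK=$(mktemp -d)

# Create a key pair and a self-signed certificate named $1.
make_key() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=constructed $1 key" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sign file $2 with the private key named $1 (detached signature in $2.sig).
sign_with() {
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}

# Succeed only if the signature on $1 verifies under one of the named
# certificates that follow; that list stands in for the firmware's
# set of trusted keys.
trusted_by() {
    image=$1; shift
    for name in "$@"; do
        openssl x509 -in "$WORK/$name.crt" -pubkey -noout > "$WORK/$name.pub"
        if openssl dgst -sha256 -verify "$WORK/$name.pub" \
               -signature "$image.sig" "$image" >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

make_key vendor   # stands in for the key shipped in the firmware
make_key owner    # the machine owner's personal key
printf 'constructed stand-in for a self-built shim\n' > "$WORK/shim.efi"
sign_with owner "$WORK/shim.efi"

# Before enrolling the owner's certificate, the self-signed shim is refused.
trusted_by "$WORK/shim.efi" vendor \
    && echo "vendor-only trust: runs" || echo "vendor-only trust: refused"
# After enrolling it, the same shim is accepted without any third party.
trusted_by "$WORK/shim.efi" vendor owner \
    && echo "owner key enrolled: runs" || echo "owner key enrolled: refused"
```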