On 06/01/2012 02:27 PM, William Brown wrote:
The problem with this scheme is that a "trusted" os would in theory, with the users permission be able to some how update the trusted key repository on the firmware. Which means the security of your machine is as good as the security of your firmware / the OS that is "trusted" to update the keys. Given certain operating systems weak security record in the past, I would say that doing this would sadly amount to proving no security benefit at all ;)
Typically you would only be able to manage the keys via the UEFI firmware UI, only accessible at boot time. Now of course an attack can be mounted against the firmware, but these are often set up to only initialize the minimum hardware necessary to run the boot loader. I don't think you can reduce the attack surface much more than that, and it's a good thing to keep it contained.
-- t -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
