> The proper way to do this is to issue a unique key for each board
> that has the private signing key included for the users who wish to
> add personally signed software. Their key does not work on any other
> machine, of course. Distros could sign their material. And if the user
> wishes to recompile a kernel they can sign it with their own key and
> still boot with it.

While they made a right mess of it and IMHO tried to play ugly cynical games (and still are on ARM), the underlying concern isn't entirely bogus.

The signing extends through the system including all the firmware. That means that the firmware you get is the firmware the vendor intended you to get, which cuts out an interesting (and it seems growing) line of attacks based upon shipping people computers with trojaned firmware.

Now given a lot of this will be built in countries that the USA doesn't trust, by people they don't trust, I'm not sure what impact it will have on the really "interesting" uses of such technology, but it cuts out some stuff. And there is a real issue because as other security improves and systems with interesting stuff on become highly isolated, firmware attacks and shipping people "pre trojanned" systems into banks etc becomes a rather attractive attack model.

Alan