On 09/19/2012 05:00 PM, Alan Cox wrote:
> The proper way to do this is to issue a unique key for each board
> that has the private signing key included for the users who wish to
> add personally signed software. Their key does not work on any other
> machine, of course. Distros could sign their material. And if the user
> wishes to recompile a kernel they can sign it with their own key and
> still boot with it.
>
> While they made a right mess of it and IMHO tried to play ugly cynical
> games (and still are on ARM) the underlying concern isn't entirely bogus.
> The signing extends through the system including all the firmware. That
> means that the firmware you get is the firmware the vendor intended you
> to get, which cuts out an interesting (and it seems growing) line of
> attacks based upon shipping people computers with trojaned firmware.
>
> Now given a lot of this will be built in countries that the USA doesn't
> trust, by people they don't trust, I'm not sure what impact it will have
> on the really "interesting" uses of such technology, but it cuts out some
> stuff.
>
> And there is a real issue because as other security improves and systems
> with interesting stuff on become highly isolated, firmware attacks and
> shipping people "pre-trojaned" systems into banks etc. becomes a rather
> attractive attack model.
>
> Alan
What you say is indeed a very possible scenario, as the US has
lost a lot of friends recently, especially among the countries that
manufacture the high tech we buy.

The question I have is, can the buyer simply choose NOT to
use UEFI (i.e. blow it off the system) and boot any OS of choice
which will not insist on the presence of any UEFI?

I think the answer to this question is more important as it provides
an "opt-out" choice to the consumer.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
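Added example, not from the thread or from any of its participants: a POSIX shell check that answers, on a running Linux system, the two questions the reply raises, namely whether the machine booted through UEFI at all and, if so, whether Secure Boot is actually enforcing. It reads the SecureBoot and SetupMode variables (EFI_GLOBAL_VARIABLE GUID) from efivarfs, assumed mounted at /sys/firmware/efi/efivars; the function also accepts an alternate directory so it can be exercised on constructed files.

```shell
#!/bin/sh
# Report whether this machine booted via UEFI and the state of Secure Boot.
# efivarfs exposes each variable as a file: 4 attribute bytes, then the data.
# GUID of the EFI_GLOBAL_VARIABLE namespace that holds SecureBoot and SetupMode.
GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# efi_var_byte VAR EFIVARS_DIR : print the first data byte (after the 4-byte
# attribute header) of an EFI variable as a decimal number, or "absent".
efi_var_byte() {
    f="$2/$1-$GLOBAL_GUID"
    [ -r "$f" ] || { echo absent; return; }
    # tail -c +5 skips the attribute header; od prints one data byte as decimal.
    v=$(tail -c +5 "$f" | od -An -tu1 -N1 | tr -d ' ')
    echo "${v:-absent}"
}

# secureboot_state [EFIVARS_DIR] : print exactly one of
#   legacy-bios  - no efivars, so the OS was not started by UEFI firmware
#   setup-mode   - no Platform Key enrolled; key databases are writable unsigned
#   enabled      - Secure Boot is enforcing signature checks on boot images
#   disabled     - UEFI boot, but Secure Boot is switched off
#   unknown      - variables unreadable or malformed
secureboot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    [ -d "$dir" ] || { echo legacy-bios; return; }
    sb=$(efi_var_byte SecureBoot "$dir")
    setup=$(efi_var_byte SetupMode "$dir")
    if [ "$setup" = 1 ]; then
        echo setup-mode
    elif [ "$sb" = 1 ]; then
        echo enabled
    elif [ "$sb" = 0 ]; then
        echo disabled
    else
        echo unknown
    fi
}

# Stand-alone usage: report the state of the machine this runs on.
secureboot_state "$@"
```

On a system that reports setup-mode, the firmware is not enforcing anything even if a SecureBoot flag is present, which is the case an "opt-out" configuration should be checked for.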