On Mon, Jun 25, 2012 at 3:28 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
> That does not answer the question. Ubuntu would work on Secure Boot hardware if they recommended users disable Secure Boot. So why not recommend that, and not support Secure Boot at all?

I advocated that. It was argued here that this would be an enormous barrier to usability because common users couldn't figure out how to do that, doubly so because there would be no consistency in the fancy GUI UEFI interfaces, and asking people to disable "security" is likely to scare them even if we could manage good instructions. It was also pointed out that some hardware in the future may not allow it.

> So you have located a vulnerability in SELinux or systemd? And you have an exploit example?

Absent those vulnerabilities you don't need secureboot at all. Just use SELinux to prevent the userspace from changing the boot environment. The signing only helps if the discretionary access control is already compromised— it helps you get the horse back in the barn, but only if enough of the system is protected by it. In Fedora the kernel+bootloader isn't enough. It's a strict subset it helps with. ... I expect this is part of the reason that we've seen no one requesting this functionality. Can you point me to a bugzilla entry or even a mailing list post on a compromise this actually would have blocked, preferably one that couldn't have been closed without complicating replacing the kernel?

> I observe that this sequence is extremely low signal to noise, poor rationale, and high on derangement.

Derangement. Hm. Could you actually _feel_ the excellence flowing through your fingertips as you typed out this message?

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel