Re: Proposed F19 Feature: Package Signature Checking During Installation

On 01/08/2013 07:15 PM, Peter Jones wrote:
> On Tue, Jan 08, 2013 at 11:04:30AM -0500, Steve Clark wrote:
>
>> What about respins? I want to add my own custom package that is not signed and create a new CD with a custom ks.cfg.
>> How would that work?
>
> You'd generate your own key, and people using your packages, who have
> presumably decided they trust that you're really you through some other
> method, would enrol your key in the MoK list on the machine.  Alternately
> you can pay $99 (one time only) and get your keys signed by something the
> machine already trusts.

I don't think this is how it works. Earlier descriptions confirm what you wrote, but to my knowledge, they do not describe the actual process. The $99 certificate is used to authenticate to Microsoft only, and Microsoft produces a completely unrelated signature on the blob you submit, using a certificate of their own. Without this additional step, the $99 certificate is just as good as any other. A new blessing has to be obtained for every new blob.

You'd also have to rebuild the entire chain, which is quite a bit of effort just for a custom kickstart configuration.

I don't think relying on Secure Boot is the best way to secure the installation path. Theoretically, it is feasible, but it will always be brittle. Those who cannot use Secure Boot (because they lack the hardware or rely on kernel features disabled by Secure Boot) should have access to a secure installation path, too.

--
Florian Weimer / Red Hat Product Security Team