On Thu, 2020-07-09 at 07:46 -0700, John M. Harris Jr wrote: > On Thursday, July 9, 2020 3:38:54 AM MST Richard Hughes wrote: > > On Wed, 8 Jul 2020 at 22:19, John M. Harris Jr < > > johnmh@xxxxxxxxxxxxx> > > wrote: > > > This is not something that's beneficial here, it's only > > > harming our users. > > > > That seems exceedingly myopic to me. I'm guessing you've not been > > following the last few years of security research, where attacking > > the > > firmware is now the best way to own a machine. And please don't > > lecture me on why BIOS is more secure than UEFI, "compatibility" > > mode > > is implemented *on top of* the UEFI bios these days, rather than as > > a > > completely different software stack. > > "Attacking" the firmware has always been the best option, even with > BIOS boot > systems. For example, coreboot is technically a hostile payload, to > the OEM. > That doesn't mean that it makes any sense to prevent the end user > from > actually owning the hardware they've purchased, and doing with it > what they > please. Yes, that's why "secure boot" should only be an option and the user must have the option to turn it off. Otherwise, it wouldn't be possible to do any kernel development on that computer. > > > > If you've got root, you can STILL do almost anything to the > > > hardware, > > > including disabling various "firmware protection technologies". > > > > I don't think you understand what enabling SecureBoot actually > > does. > > "Secure Boot" doesn't make root non-uid 0, and can't keep root from > controlling system devices, even uploading unsigned firmware to > peripherals. > At the point that anything but the end user gets root on a Fedora > install, all > of these "security gains" provided by creating needless headache for > those > running under "Secure Boot" are null and void. Yeah, for me, it's pretty weak as a mitigation effort, because it will usually only have some protective effect if someone already has root on your computer, and that's already pretty bad. You don't normally want to allow that to happen ever. And when someone has root, they can do pretty much anything. IMHO, it's a lot of effort and inconvenience for very little actual gain. But, that's why it should only be an option and not mandatory. But yes, it might make sense for certain use cases. Nikolay _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx