Re: The future of legacy BIOS support in Fedora.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/10/20 7:37 AM, Nicolas Mailhot wrote:
Le vendredi 10 juillet 2020 à 07:12 -0400, Przemek Klosowski via devel
a écrit :
My point is that however the updates are being produced, they need a
secure remote update method. It's not realistic to expect end users
to be in the loop
If you remove end users from the loop there is zero zip nada need for
secure boot in the first place. The sole function of secure boot and
DRPM is to prevent end users, present in the update loop, from doing
things the manufacturer disagreees with.

A system, that auto consults a remote update point, over https,
checking the certificate of this remote point, has zero need for secure
boot.

Not quite---as I said in next sentence that you didn't include in your quote, secure boot also tries to prevent unauthorized modifications, for instance resulting from exploited vulnerabilities. It turns out that legitimate owners aren't the only users of IOT :)

Look---I agree this is a complex situation. Secure boot has many consequences, and I share your concerns about many of them (walled gardens and loss of control over hardware we own). This does not change the fact that the current technology is inadequate and needs to evolve.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux