On 12/16/20 5:38 PM, Kevin Fenzi wrote:
> On Wed, Dec 16, 2020 at 04:28:49PM -0500, przemek klosowski via devel wrote:
> > I was trying to make a point that we don't have a way to check the initial image: it could be altered to falsely claim to be signed by fedoraproject.
>
> well, we do: https://getfedora.org/security/

Right, but it's not automatic, and requires an existing
known-good system, which is the actual 'root of trust' here. This
cannot be assumed about a flash drive, which is why the automatic
image check is hard.
I guess it would involve a secure boot into a fedora signed shim that
- retrieves the checksum over a verified TLS network connection
- checks the image against that.
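
The two steps listed in the message above (retrieve the checksum over a verified TLS connection, then check the image against it), sketched as an added example that is not code from this thread or from the Fedora project. It assumes a BSD-style checksum file (`SHA256 (name) = digest`); the function names are hypothetical, and neither the secure-boot stage nor a signature check on the checksum file is covered.

```python
import hashlib
import hmac
import re
import ssl
import urllib.request

# Assumed checksum-file layout (BSD style), one image per line:
#   SHA256 (image-name.iso) = <64 hex digits>
_LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<digest>[0-9a-fA-F]{64})$")


def fetch_checksums(url: str) -> str:
    """Download the checksum file over HTTPS with certificate and hostname checks."""
    if not url.lower().startswith("https://"):
        raise ValueError("checksum file must be fetched over https")
    ctx = ssl.create_default_context()  # verifies chain and hostname by default
    with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
        return resp.read().decode("utf-8", errors="strict")


def expected_digest(checksum_text: str, image_name: str) -> str:
    """Return the digest listed for image_name; fail closed if absent or ambiguous."""
    found = set()
    for line in checksum_text.splitlines():
        m = _LINE.match(line.strip())
        if m and m.group("name") == image_name:
            found.add(m.group("digest").lower())
    if len(found) != 1:
        raise LookupError(f"need exactly one digest for {image_name!r}, got {len(found)}")
    return found.pop()


def image_matches(image_path: str, checksum_text: str, image_name: str) -> bool:
    """Stream the image through SHA-256 and compare with the published digest."""
    want = expected_digest(checksum_text, image_name)
    h = hashlib.sha256()
    with open(image_path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # 1 MiB chunks
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), want)
```

The result is only as trustworthy as the system running this code and its CA store, which is the "root of trust" point made in the message.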