Re: [RFC] Second attempt at kernel secure boot support

"H. Peter Anvin" <hpa@xxxxxxxxx> writes:

> This is not a good thing to assume.  A vendor could have an external
> button, for example.

Facts are always a good thing to assume.

The fact is the general case does not admit an install without user
interaction.

It makes a lot of sense to revisit the working assumptions when for lack
of 3 or 4 lines in the bootloader people are advocating turning gold
into lead at the cost of a national banking bailout.

Non-interactive installs are very interesting but they only make sense
in a very narrow range of cases, not in every BIOS state on
every machine.  If the UEFI firmware will let me install a platform key
and set every other firmware setting in my installer, then it is a good
starting state.  The rest of the time there will be some unpredictable
inconsistent mess of firmware settings that someone is going to have to
go in and fix.  Or the install cd will have blown away my existing
partitions deleting data I forgot to back up that day.

The notion that a non-interactive install is possible in the general
case is complete and total hogwash.

Eric