1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] [council] *ping* Media query: secure boot support
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5Bcouncil%5D%20%2Aping%2A%20Media%20query%3A%20secure%20boot%20support&In-Reply-To=%3C5107B4D0.3060302%40mageia.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="022195.html">
<LINK REL="Next" HREF="022210.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] [council] *ping* Media query: secure boot support</H1>
<B>Thomas Backlund</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5Bcouncil%5D%20%2Aping%2A%20Media%20query%3A%20secure%20boot%20support&In-Reply-To=%3C5107B4D0.3060302%40mageia.org%3E"
TITLE="[Mageia-dev] [council] *ping* Media query: secure boot support">tmb at mageia.org
</A><BR>
<I>Tue Jan 29 12:38:56 CET 2013</I>
<P><UL>
<LI>Previous message: <A HREF="022195.html">[Mageia-dev] [council] *ping* Media query: secure boot support
</A></li>
<LI>Next message: <A HREF="022210.html">[Mageia-dev] [council] *ping* Media query: secure boot support
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#22200">[ date ]</a>
<a href="thread.html#22200">[ thread ]</a>
<a href="subject.html#22200">[ subject ]</a>
<a href="author.html#22200">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Olav Vitters skrev 29.1.2013 13:12:
><i> On Tue, Jan 29, 2013 at 11:11:55AM +0200, Thomas Backlund wrote:
</I>
><i>
</I>>><i> And personally, I dont think we should ever bother with the
</I>>><i> SecureBoot crap as its flawed in so many ways...
</I>><i>
</I>><i> I quite like SecureBoot. This way you can avoid attacks on the boot
</I>><i> sector.
</I>><i>
</I>
Yeah, and when MS screws up with one of the master keys
(or some hw wendor) think about the "dual-booters"
Microsft pushes revocation key through windowsupdate, and you
suddenly find out your linux wont boot anymore, beacuse the
signature that is supposed to validate your boot has been
revoked...
Or a "local dos": just add a single byte to the end of some
of the signed files/images and the signature checks fail,
ending up with non-bootable system.... you dont even need
to exploit it further....
Or MS alters license rules around key signing, so when your
key expires, guess what... and ms wont be in a hurry to fix
it.... look at the time it has taken so far for linux foundation
to try and get proper signatre key....
or...
There is so many fun ways to screw up this "security illusion",
that it should be buried & forgotten already...
this "secure boot" pushed by ms is also in reality a ms-restricted boot...
--
Thomas
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="022195.html">[Mageia-dev] [council] *ping* Media query: secure boot support
</A></li>
<LI>Next message: <A HREF="022210.html">[Mageia-dev] [council] *ping* Media query: secure boot support
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#22200">[ date ]</a>
<a href="thread.html#22200">[ thread ]</a>
<a href="subject.html#22200">[ subject ]</a>
<a href="author.html#22200">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
