[Mageia-dev] [council] ping Media query: secure boot support

Tue Jan 29 12:38:56 CET 2013

Olav Vitters skrev 29.1.2013 13:12:
+> On Tue, Jan 29, 2013 at 11:11:55AM +0200, Thomas Backlund wrote:
+
+>
+>> And personally, I dont think we should ever bother with the
+>> SecureBoot crap as its flawed in so many ways...
+>
+> I quite like SecureBoot. This way you can avoid attacks on the boot
+> sector.
+>
+
+Yeah, and when MS screws up with one of the master keys
+(or some hw wendor) think about the "dual-booters"
+
+Microsft pushes revocation key through windowsupdate, and you
+suddenly find out your linux wont boot anymore, beacuse the
+signature that is supposed to validate your boot has been
+revoked...
+
+Or a "local dos": just add a single byte to the end of some
+of the signed files/images and the signature checks fail,
+ending up with non-bootable system.... you dont even need
+to exploit it further....
+
+Or MS alters license rules around key signing, so when your
+key expires, guess what... and ms wont be in a hurry to fix
+it.... look at the time it has taken so far for linux foundation
+to try and get proper signatre key....
+
+or...
+
+There is so many fun ways to screw up this "security illusion",
+that it should be buried & forgotten already...
+
+this "secure boot" pushed by ms is also in reality a ms-restricted boot...
+
+--
+Thomas
+
+

[Mageia-dev] [council] *ping* Media query: secure boot support

[Mageia-dev] [council] ping Media query: secure boot support