[Mageia-dev] [council] *ping* Media query: secure boot support

Thomas Backlund tmb at mageia.org
Tue Jan 29 12:38:56 CET 2013


Olav Vitters skrev 29.1.2013 13:12:
> On Tue, Jan 29, 2013 at 11:11:55AM +0200, Thomas Backlund wrote:

>
>> And personally, I dont think we should ever bother with the
>> SecureBoot crap as its flawed in so many ways...
>
> I quite like SecureBoot. This way you can avoid attacks on the boot
> sector.
>

Yeah, and when MS screws up with one of the master keys
(or some hw wendor) think about the "dual-booters"

Microsft pushes revocation key through windowsupdate, and you
suddenly find out your linux wont boot anymore, beacuse the
signature that is supposed to validate your boot has been
revoked...

Or a "local dos": just add a single byte to the end of some
of the signed files/images and the signature checks fail,
ending up with non-bootable system.... you dont even need
to exploit it further....

Or MS alters license rules around key signing, so when your
key expires, guess what... and ms wont be in a hurry to fix
it.... look at the time it has taken so far for linux foundation
to try and get proper signatre key....

or...

There is so many fun ways to screw up this "security illusion",
that it should be buried & forgotten already...

this "secure boot" pushed by ms is also in reality a ms-restricted boot...

--
Thomas



More information about the Mageia-dev mailing list