[Mageia-dev] [council] *ping* Media query: secure boot support
Thomas Backlund
tmb at mageia.org
Tue Jan 29 19:19:19 CET 2013
Olav Vitters skrev 29.1.2013 14:40:
> On Tue, Jan 29, 2013 at 01:38:56PM +0200, Thomas Backlund wrote:
>> Olav Vitters skrev 29.1.2013 13:12:
>>> On Tue, Jan 29, 2013 at 11:11:55AM +0200, Thomas Backlund wrote:
>>
>>>
>>>> And personally, I dont think we should ever bother with the
>>>> SecureBoot crap as its flawed in so many ways...
>>>
>>> I quite like SecureBoot. This way you can avoid attacks on the boot
>>> sector.
>>>
>>
>> Yeah, and when MS screws up with one of the master keys
>> (or some hw wendor) think about the "dual-booters"
>>
>> Microsft pushes revocation key through windowsupdate, and you
>> suddenly find out your linux wont boot anymore, beacuse the
>> signature that is supposed to validate your boot has been
>> revoked...
>
> In which case I'd just turn secure boot off? Same for all the other
> examples. Maybe it at one point it has to be disabled, but at the moment
> that is not the case and it provides something useful.
>
and if the hw vendor has not implemented a way to turn it off...
--
Thomas
More information about the Mageia-dev
mailing list