[Mageia-discuss] UEFI and Secure Boot

Thomas Backlund tmb at mageia.org
Tue Aug 14 20:48:30 CEST 2012


Tony Blackwell skrev 11.8.2012 08:02:
> An issue now in buying new hardware.  SUSE seem to have come up with a
> useful approach.
> See:
> http://www.suse.com/blogs/uefi-secure-boot-details/
>
> and comment from Matthew Garrett:
> http://mjg59.dreamwidth.org/15818.html
>
> Useful for Mageia?
> Tonyb


I must say I'm amused by the fact that MS marketing machinery has
managed to fool an entire industry and users into thinking that
the UEFI "Secure Boot" actually will make their systems more
secure...

The attack vector is still pretty "simple"...
With the amount of hw/sw vendors out there, it will not take long
for the "signing key / tools" will leak out in the wild...
(if it's not already available)

Yes, keys/certs can be revoked, and new added, but that's the
next attack vector... compromise the tool used to revoke/add keys,
and you get automatic adding of new compromized keys...
and so on....

Point is that if someone manage to come up with "a supposedly
secure system" there will always be someone else that will
figure out how to break it....

And people will go on thinking their systems is more secure,
click on everything they find on the net, and get compromized
systems again... and wonder what happend...

-- 
Thomas




More information about the Mageia-discuss mailing list