Gentoo Archives: gentoo-dev

From: Florian Philipp <lists@×××××××××××.net>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 17:41:35
Message-Id: 4FDE1692.4020305@binarywings.net
In Reply to: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo by "Michał Górny"
On 17.06.2012 19:10, Michał Górny wrote:
> On Sun, 17 Jun 2012 12:56:34 -0400
> Matthew Finkel <matthew.finkel@×××××.com> wrote:
>
>> On Sun, Jun 17, 2012 at 11:51 AM, Michał Górny <mgorny@g.o>
>> wrote:
>>> 1. How does it increase security?
>>>
>> This removed a few vectors of attack and ensures your computer is only
>> bootstrapped by and booted using software you think is safe. By using
>> any software we don't write, we make a lot of assumptions.
>
> I agree that it removes a few vectors of attack. But this doesn't
> necessarily mean the system is more secure. It has one vulnerability
> less but let's not get overenthusiastic.
>
> I'm basically trying to point out that a single solution like that can
> do more evil than good if people will believe it's perfect.
>

I think I now understand your train of thought. But I don't think anyone
implied that Secure Boot solves each and every security issue. What it
does, however, is impose new hurdles for malware authors. Therefore I
don't see a reason not to use it as long as the inconveniences and
limitations it imposes are acceptable for my particular use case.

>>> 3. What happens if the machine signing the blobs is compromised?
>>>
>> See above. But also, a compromised system wouldn't necessarily mean
>> the blobs would be compromised as well. In addition, ideally the
>> priv-key would be kept isolated to ensure a compromise would be
>> extremely difficult.
>
> In my opinion, if a toolchain is quietly compromised, everything built
> on the particular machine can be compromised. And signed. I doubt that
> someone will check bit-exact machine code of the toolchain
> and operating system before starting to sign packages.
>

Just because you cannot rule out bugs doesn't mean you shouldn't use
security-enhancing systems. Don't tell me you open telnet for root
access to your machines just because you cannot rule out the chance that
SSH is compromised or someone compromised the SSH source code you
downloaded from the Gentoo mirrors.

Regards,
Florian Philipp
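The check the thread is arguing about, reduced to runnable code. This is an added example and is not part of Florian's mail, nor code from Gentoo or from any UEFI firmware: it models the firmware's allowed-signer list (db) and revocation list (dbx) with Ed25519 keys generated on the spot, where real firmware uses X.509/RSA keys and Authenticode-signed PE images. The "kernel image", the key pair names, the Policy type and the RunScenario function are all constructed for the demonstration. It shows the two points made above: a tampered image or one signed by a key the firmware was never told to trust does not boot, and the answer to "what if the signing machine is compromised" is revocation, after which the previously good image stops booting too.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Image is a constructed stand-in for a boot binary (shim, bootloader, kernel)
// carrying a detached signature and the public key that produced it.
type Image struct {
	Name      string
	Payload   []byte
	Signer    ed25519.PublicKey
	Signature []byte
}

// Policy is a simplified model of the firmware's signature databases:
// db lists signers allowed to boot, dbx lists revoked signers and image hashes.
type Policy struct {
	Allowed   map[string]bool // db: hex-encoded public keys
	Forbidden map[string]bool // dbx: hex-encoded public keys or SHA-256 image hashes
}

func keyID(pk ed25519.PublicKey) string { return hex.EncodeToString(pk) }

func imageHash(payload []byte) string {
	sum := sha256.Sum256(payload)
	return hex.EncodeToString(sum[:])
}

// Sign produces a signed Image. In a real pipeline this step runs on the
// signing machine the thread worries about, never inside the firmware.
func Sign(name string, payload []byte, pub ed25519.PublicKey, priv ed25519.PrivateKey) Image {
	return Image{Name: name, Payload: payload, Signer: pub, Signature: ed25519.Sign(priv, payload)}
}

// Verdict is the boot-time check. dbx is consulted before db, so a revoked
// key loses even if it is still listed as allowed.
func (p Policy) Verdict(img Image) (bool, string) {
	if p.Forbidden[imageHash(img.Payload)] {
		return false, "image hash is in dbx"
	}
	if p.Forbidden[keyID(img.Signer)] {
		return false, "signer key revoked in dbx"
	}
	if !p.Allowed[keyID(img.Signer)] {
		return false, "signer key not in db"
	}
	if !ed25519.Verify(img.Signer, img.Payload, img.Signature) {
		return false, "signature does not match image"
	}
	return true, "ok"
}

// RunScenario builds constructed keys and images and reports which ones boot.
func RunScenario() (map[string]bool, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	strangerPub, strangerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	policy := Policy{Allowed: map[string]bool{keyID(vendorPub): true}, Forbidden: map[string]bool{}}

	kernel := []byte("constructed kernel image v1") // not a real binary
	genuine := Sign("genuine", kernel, vendorPub, vendorPriv)

	// Modified after signing: the original signature no longer matches.
	tampered := genuine
	tampered.Name = "tampered"
	tampered.Payload = []byte("constructed kernel image v1 + implant")

	// Signed with a key the firmware was never told to trust.
	unknown := Sign("unknown-signer", kernel, strangerPub, strangerPriv)

	results := map[string]bool{}
	for _, img := range []Image{genuine, tampered, unknown} {
		ok, why := policy.Verdict(img)
		results[img.Name] = ok
		fmt.Printf("%-16s boot=%-5v (%s)\n", img.Name, ok, why)
	}

	// The compromised-signing-machine case from the thread: revoke the vendor
	// key in dbx, and the image that booted a moment ago is refused.
	policy.Forbidden[keyID(vendorPub)] = true
	ok, why := policy.Verdict(genuine)
	results["genuine-after-revocation"] = ok
	fmt.Printf("%-16s boot=%-5v (%s)\n", "after-revoke", ok, why)
	return results, nil
}

func main() {
	if _, err := RunScenario(); err != nil {
		panic(err)
	}
}
```

The order of checks in Verdict is the point worth noticing: revocation is consulted first, so once a signing key is known to be compromised, nothing it ever signed boots again, regardless of whether the individual blobs were actually tampered with.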

Attachments

File name      MIME type
signature.asc  application/pgp-signature