1 |
On Sun, 17 Jun 2012 11:20:38 +0200 |
2 |
Florian Philipp <lists@×××××××××××.net> wrote: |
3 |
|
4 |
> Am 16.06.2012 19:51, schrieb Michał Górny: |
5 |
> > On Fri, 15 Jun 2012 09:54:12 +0200 |
6 |
> > Florian Philipp <lists@×××××××××××.net> wrote: |
7 |
> > |
8 |
> >> Am 15.06.2012 06:50, schrieb Duncan: |
9 |
> >>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted: |
10 |
> >>> |
11 |
> >>>> So, anyone been thinking about this? I have, and it's not |
12 |
> >>>> pretty. |
13 |
> >>>> |
14 |
> >>>> Should I worry about this and how it affects Gentoo, or not worry |
15 |
> >>>> about Gentoo right now and just focus on the other issues? |
16 |
> >>>> |
17 |
> >>>> Minor details like, "do we have a 'company' that can pay |
18 |
> >>>> Microsoft to sign our bootloader?" is one aspect from the |
19 |
> >>>> non-technical side that I've been wondering about. |
20 |
> >>> |
21 |
> >>> I've been following developments and wondering a bit about this |
22 |
> >>> myself. |
23 |
> >>> |
24 |
> >>> I had concluded that at least for x86/amd64, where MS is mandating |
25 |
> >>> a user controlled disable-signed-checking option, gentoo shouldn't |
26 |
> >>> have a problem. Other than updating the handbook to accommodate |
27 |
> >>> UEFI, presumably along with the grub2 stabilization, I believe |
28 |
> >>> we're fine as if a user can't figure out how to disable that |
29 |
> >>> option on their (x86/amd64) platform, they're hardly likely to be |
30 |
> >>> a good match for gentoo in any case. |
31 |
> >>> |
32 |
> >> |
33 |
> >> As a user, I'd still like to have the chance of using Secure Boot |
34 |
> >> with Gentoo since it _really_ increases security. Even if it means |
35 |
> >> I can no longer build my own kernel. |
36 |
> > |
37 |
> > It doesn't. It's just a very long wooden fence; you just didn't find |
38 |
> > the hole yet. |
39 |
> > |
40 |
> |
41 |
> Oh come on! That's FUD and you know it. If not, did you even look at |
42 |
> the specs and working principle? |
43 |
|
44 |
Could you answer the following question: |
45 |
|
46 |
1. How does it increase security? |
47 |
2. What happens if, say, your bootloader is compromised? |
48 |
3. What happens if the machine signing the blobs is compromised? |
49 |
|
50 |
-- |
51 |
Best regards, |
52 |
Michał Górny |