List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: Florian Philipp <lists@...>
Subject: Re: Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 19:40:34 +0200
On 17.06.2012 19:10, Michał Górny wrote:
> On Sun, 17 Jun 2012 12:56:34 -0400
> Matthew Finkel <matthew.finkel@...> wrote:
> 
>> On Sun, Jun 17, 2012 at 11:51 AM, Michał Górny <mgorny@g.o>
>> wrote:
>>> 1. How does it increase security?
>>>
>> This removed a few vectors of attack and ensures your computer is only
>> bootstrapped by and booted using software you think is safe. By using
>> any software we don't write, we make a lot of assumptions.
> 
> I agree that it removes a few vectors of attack. But this doesn't
> necessarily mean the system is more secure. It has one vulnerability
> less but let's not get overenthusiastic.
> 
> I'm basically trying to point out that a single solution like that can
> do more evil than good if people will believe it's perfect.
> 

I think I now understand your train of thought. But I don't think anyone
implied that Secure Boot solves each and every security issue. What it
does, however, is impose new hurdles for malware authors. Therefore I
don't see a reason not to use it as long as the inconveniences and
limitations it imposes are acceptable for my particular use case.

>>> 3. What happens if the machine signing the blobs is compromised?
>>>
>> See above. But also, a compromised system wouldn't necessarily mean
>> the blobs would be compromised as well. In addition, ideally the
>> priv-key would be kept isolated to ensure a compromise would be
>> extremely difficult.
> 
> In my opinion, if a toolchain is quietly compromised, everything built
> on the particular machine can be compromised. And signed. I doubt that
> someone will check bit-exact machine code of the toolchain
> and operating system before starting to sign packages.
> 

Just because you cannot rule out bugs doesn't mean you shouldn't use
security enhancing systems. Don't tell me you open telnet for root
access to your machines just because you cannot rule out the chance that
SSH is compromised or someone compromised the SSH source code you
downloaded from the Gentoo mirrors.

Regards,
Florian Philipp



Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.
