List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: Matthew Finkel <matthew.finkel@...>
Subject: Re: Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 12:56:34 -0400
<div class="gmail_quote">On Sun, Jun 17, 2012 at 11:51 AM, Michał Górny <span dir="ltr">&lt;<a href="mailto:mgorny@g.o" target="_blank">mgorny@g.o</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

On Sun, 17 Jun 2012 11:20:38 +0200<br>
<div><div class="h5">Florian Philipp &lt;<a href="mailto:lists@...">lists@...</a>&gt; wrote:<br>
<br>
&gt; Am 16.06.2012 19:51, schrieb Michał Górny:<br>
&gt; &gt; On Fri, 15 Jun 2012 09:54:12 +0200<br>
&gt; &gt; Florian Philipp &lt;<a href="mailto:lists@...">lists@...</a>&gt; wrote:<br>
&gt; &gt;<br>
&gt; &gt;&gt; Am 15.06.2012 06:50, schrieb Duncan:<br>
&gt; &gt;&gt;&gt; Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:<br>
&gt; &gt;&gt;&gt;<br>
&gt; &gt;&gt;&gt;&gt; So, anyone been thinking about this?  I have, and it&#39;s not<br>
&gt; &gt;&gt;&gt;&gt; pretty.<br>
&gt; &gt;&gt;&gt;&gt;<br>
&gt; &gt;&gt;&gt;&gt; Should I worry about this and how it affects Gentoo, or not worry<br>
&gt; &gt;&gt;&gt;&gt; about Gentoo right now and just focus on the other issues?<br>
&gt; &gt;&gt;&gt;&gt;<br>
&gt; &gt;&gt;&gt;&gt; Minor details like, &quot;do we have a &#39;company&#39; that can pay<br>
&gt; &gt;&gt;&gt;&gt; Microsoft to sign our bootloader?&quot; is one aspect from the<br>
&gt; &gt;&gt;&gt;&gt; non-technical side that I&#39;ve been wondering about.<br>
&gt; &gt;&gt;&gt;<br>
&gt; &gt;&gt;&gt; I&#39;ve been following developments and wondering a bit about this<br>
&gt; &gt;&gt;&gt; myself.<br>
&gt; &gt;&gt;&gt;<br>
&gt; &gt;&gt;&gt; I had concluded that at least for x86/amd64, where MS is mandating<br>
&gt; &gt;&gt;&gt; a user controlled disable-signed-checking option, gentoo shouldn&#39;t<br>
&gt; &gt;&gt;&gt; have a problem.  Other than updating the handbook to accommodate<br>
&gt; &gt;&gt;&gt; UEFI, presumably along with the grub2 stabilization, I believe<br>
&gt; &gt;&gt;&gt; we&#39;re fine as if a user can&#39;t figure out how to disable that<br>
&gt; &gt;&gt;&gt; option on their (x86/amd64) platform, they&#39;re hardly likely to be<br>
&gt; &gt;&gt;&gt; a good match for gentoo in any case.<br>
&gt; &gt;&gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; As a user, I&#39;d still like to have the chance of using Secure Boot<br>
&gt; &gt;&gt; with Gentoo since it _really_ increases security. Even if it means<br>
&gt; &gt;&gt; I can no longer build my own kernel.<br>
&gt; &gt;<br>
&gt; &gt; It doesn&#39;t. It&#39;s just a very long wooden fence; you just didn&#39;t find<br>
&gt; &gt; the hole yet.<br>
&gt; &gt;<br>
&gt;<br>
&gt; Oh come on! That&#39;s FUD and you know it. If not, did you even look at<br>
&gt; the specs and working principle?<br>
<br>
</div></div>Could you answer the following question:<br></blockquote><div>(Sorry to jump in on this, Florian)</div><div><br></div><div>The real problem that surrounds this idea of security is that we need to make _a lot_ of assumptions about the code/programs we run. We _trust_ that the code we compile is as secure as possible and does not implement any &quot;backdoors&quot;. If this is the case, then</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
1. How does it increase security?<br></blockquote><div>This removed a few vectors of attack and ensures your computer is only bootstrapped by and booted using software you think is safe. By using any software we don&#39;t write, we make a lot of assumptions.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
2. What happens if, say, your bootloader is compromised?<br></blockquote><div>Same thing that would happen if the bootloader was compromised today. We currently rely on trusting the maintainer, code review, community review, etc. Perhaps these efforts will need to be doubled now that any weak link could compromise the system.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
3. What happens if the machine signing the blobs is compromised?<br></blockquote><div>See above. But also, a compromised system wouldn&#39;t necessarily mean the blobs would be compromised as well. In addition, ideally the priv-key would be kept isolated to ensure a compromise would be extremely difficult.</div><div><br></div><div>My understanding is that it&#39;s not the case that UEFI will lock down a system to prevent a compromise from occurring, it&#39;s the fact that it reduces the areas of attack and/or makes the attacks extremely difficult to accomplish. This just adds more protection in hardware for kernel-space that SELinux, AppArmor, etc. provide for userspace.</div><div><br></div><div>- Matt</div>

</div>


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.


Copyright 2001-2013 Gentoo Foundation, Inc.