Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: Michał Górny <mgorny@g.o>
From: Greg KH <gregkh@g.o>
Subject: Re: Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 10:56:42 -0700
On Sun, Jun 17, 2012 at 07:06:16PM +0200, Michał Górny wrote:
> On Sun, 17 Jun 2012 09:55:35 -0700
> Greg KH <gregkh@g.o> wrote:
> 
> > On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
> > > 2. What happens if, say, your bootloader is compromised?
> > 
> > And how would this happen?  Your bootloader would not run.
> 
> Yes. I'm asking what happens next. Is there an easy way to replace it?

I do not know, you need to test this on a UEFI secure boot system to see
what happens.

> Or is your computer bricked until you run some other bootloader to
> replace the compromised one?

Probably.

> > > 3. What happens if the machine signing the blobs is compromised?
> > 
> > So, who's watching the watchers, right?  Come on, this is getting
> > looney.
> 
> I'm just pointing out that this simply relies on trusting people. Much
> like not having those signatures.

Of course, this is life, and should not be anything "new" to you or
anyone else.

And before you get upset, do you trust the "people" who implemented the
firmware in your processor and I/O controllers?  This argument is not
one that is worth discussing.

greg k-h


References:
UEFI secure boot and Gentoo
-- Greg KH
Re: UEFI secure boot and Gentoo
-- Duncan
Re: Re: UEFI secure boot and Gentoo
-- Florian Philipp
Re: Re: UEFI secure boot and Gentoo
-- Michał Górny
Re: Re: UEFI secure boot and Gentoo
-- Florian Philipp
Re: Re: UEFI secure boot and Gentoo
-- Michał Górny
Re: Re: UEFI secure boot and Gentoo
-- Greg KH
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Re: UEFI secure boot and Gentoo
Next by thread:
Re: Re: UEFI secure boot and Gentoo
Previous by date:
Re: Re: UEFI secure boot and Gentoo
Next by date:
Re: Re: UEFI secure boot and Gentoo


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.