List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: Sascha Cunz <sascha-ml@...>
Subject: Re: Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 19:34:03 +0200
[...]

> It doesn't. It's just a very long wooden fence; you just didn't find
> the hole yet.

Given the fact that the keys in the BIOS must somehow get there and it must 
also be able to update them (how to revoke or add keys else?).

Unless this is completely done in hardware, there must be a software doing it. 
Software can - by design - be reverse engineered; in some countries even 
legally without any further agreement or license.

So, you can sign, encrypt, obfuscate or use some other foobar-mechanism on 
this blob of software - at some point it must be readable from the processor, 
so you have to provide the mechanisms to verify signatures, undo encryption, etc. 
somewhere (either in hardware or another software).

Even if you somehow manage to embed all of this in the hardware stack, it 
would still require some kind of interface to get updated / revoked keys to 
operate on.

It's not a matter of *if this can* be broken by someone who cares, it's a 
matter of *how long does it take* for someone who cares to break it.

In the end, this is just another kind of "seems to be secure for a day or 
two". Admittedly a complex one - but there will always be a "kid in a garage" 
that is able to put everyone else out of business.

SaCu


Replies:
Re: Re: UEFI secure boot and Gentoo
-- Florian Philipp
Re: Re: UEFI secure boot and Gentoo
-- Rich Freeman
References:
UEFI secure boot and Gentoo
-- Greg KH
Re: Re: UEFI secure boot and Gentoo
-- Florian Philipp
Re: Re: UEFI secure boot and Gentoo
-- Michał Górny


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.
