Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Michał Górny <mgorny@g.o>
Subject: Re: Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 17:51:04 +0200
On Sun, 17 Jun 2012 11:20:38 +0200
Florian Philipp <lists@...> wrote:

> Am 16.06.2012 19:51, schrieb Michał Górny:
> > On Fri, 15 Jun 2012 09:54:12 +0200
> > Florian Philipp <lists@...> wrote:
> > 
> >> Am 15.06.2012 06:50, schrieb Duncan:
> >>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
> >>>
> >>>> So, anyone been thinking about this?  I have, and it's not
> >>>> pretty.
> >>>>
> >>>> Should I worry about this and how it affects Gentoo, or not worry
> >>>> about Gentoo right now and just focus on the other issues?
> >>>>
> >>>> Minor details like, "do we have a 'company' that can pay
> >>>> Microsoft to sign our bootloader?" is one aspect from the
> >>>> non-technical side that I've been wondering about.
> >>>
> >>> I've been following developments and wondering a bit about this
> >>> myself.
> >>>
> >>> I had concluded that at least for x86/amd64, where MS is mandating
> >>> a user controlled disable-signed-checking option, gentoo shouldn't
> >>> have a problem.  Other than updating the handbook to accommodate
> >>> UEFI, presumably along with the grub2 stabilization, I believe
> >>> we're fine as if a user can't figure out how to disable that
> >>> option on their (x86/amd64) platform, they're hardly likely to be
> >>> a good match for gentoo in any case.
> >>>
> >>
> >> As a user, I'd still like to have the chance of using Secure Boot
> >> with Gentoo since it _really_ increases security. Even if it means
> >> I can no longer build my own kernel.
> > 
> > It doesn't. It's just a very long wooden fence; you just didn't find
> > the hole yet.
> > 
> 
> Oh come on! That's FUD and you know it. If not, did you even look at
> the specs and working principle?

Could you answer the following question:

1. How does it increase security?
2. What happens if, say, your bootloader is compromised?
3. What happens if the machine signing the blobs is compromised?

-- 
Best regards,
Michał Górny
Attachment:
signature.asc (PGP signature)
Replies:
Re: Re: UEFI secure boot and Gentoo
-- Matthew Finkel
Re: Re: UEFI secure boot and Gentoo
-- Greg KH
References:
UEFI secure boot and Gentoo
-- Greg KH
Re: UEFI secure boot and Gentoo
-- Duncan
Re: Re: UEFI secure boot and Gentoo
-- Florian Philipp
Re: Re: UEFI secure boot and Gentoo
-- Michał Górny
Re: Re: UEFI secure boot and Gentoo
-- Florian Philipp
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Re: UEFI secure boot and Gentoo
Next by thread:
Re: Re: UEFI secure boot and Gentoo
Previous by date:
Re: [RFC]flag-o-matic.eclass strip-flags change to support prefix
Next by date:
Re: [RFC] Dynamic SLOTs


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.