Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Florian Philipp <lists@...>
Subject: Re: UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 10:37:02 +0200
Am 15.06.2012 09:58, schrieb Richard Farina:
> On 06/15/2012 03:12 AM, Ben de Groot wrote:
>> On 15 June 2012 13:24, Arun Raghavan <ford_prefect@g.o> wrote:
>>> On 15 June 2012 10:33, Ben de Groot <yngwin@g.o> wrote:
>>>> On 15 June 2012 12:45, Arun Raghavan <ford_prefect@g.o> wrote:
>>>>> On 15 June 2012 09:58, Greg KH <gregkh@g.o> wrote:
>>>>>> So, anyone been thinking about this?  I have, and it's not pretty.
>>>>>>
>>>>>> Minor details like, "do we have a 'company' that can pay Microsoft to
>>>>>> sign our bootloader?" is one aspect from the non-technical side that I've
>>>>>> been wondering about.
>>>>>
>>>>> Sounds like something the Gentoo Foundation could do.
>>>>
>>>> I'm certainly not the only one who would be averse to paying Microsoft
>>>> any ransom money.
>>>
>>> And our refusal to pay for the signing affects precisely nobody except
>>> for our users, who will have to jump through an extra hoop to make
>>> their system work.
>>>
>>> On the flip side, having a simple way to use this infrastructure means
>>> that people who care about security can get a chain of trust from the
>>> firmware to the kernel (heck, maybe even userspace one day). This is
>>> something that is worth having as well.
>>
>> I agree that security is a worthwhile goal. I just don't trust Microsoft.
>>
> It's more of a "pay us or your system can't boot" that I'm opposed to.
> Saying "I just don't trust Microsoft" is second to "I just don't trust
> corporations that extort money from me just so I can boot".  I don't
> care who we are paying, I'm offended by the idea.  If users can't build
> their own fully functional boot loader that's an issue.
> 
> I'm all for the signed "work-around signatures" idea as it is the least
> objectionable... if such a thing is even possible.
> 
> -Zero
> 

It is the most objectionable idea *I* can think of. Most importantly
because it puts the Dev who volunteers to prove his or her identity to
Verisign into a huge legal risk:

Secure Boot is designed to prevent root kits. And whether you like it or
not, it achieves this goal since it is a well designed system with few
potential flaws. That means providing signature work-arounds which
include your actual real name and other identifiable records (as they
have to contain your public key) makes you an accessory to computer crimes.

Besides, it wouldn't work long. They can blacklist keys. This isn't a
half-arsed pseudo-secure system like DVD-CSS or WEP. We cannot break it
in a 10 minute mailing list discussion. We have to play by the rules or
don't play at all. Everything else will require years or decades of
research.

Regards,
Florian Philipp

Regards,
Florian Philipp

Attachment:
signature.asc (OpenPGP digital signature)
References:
UEFI secure boot and Gentoo
-- Greg KH
Re: UEFI secure boot and Gentoo
-- Arun Raghavan
Re: UEFI secure boot and Gentoo
-- Ben de Groot
Re: UEFI secure boot and Gentoo
-- Arun Raghavan
Re: UEFI secure boot and Gentoo
-- Ben de Groot
Re: UEFI secure boot and Gentoo
-- Richard Farina
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: UEFI secure boot and Gentoo
Next by thread:
Re: UEFI secure boot and Gentoo
Previous by date:
Re: UEFI secure boot and Gentoo
Next by date:
Re: RFC: new global useflag libass


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.