1 |
Am 17.06.2012 19:06, schrieb Michał Górny: |
2 |
> On Sun, 17 Jun 2012 09:55:35 -0700 |
3 |
> Greg KH <gregkh@g.o> wrote: |
4 |
> |
5 |
>> On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote: |
6 |
[...] |
7 |
> |
8 |
>>> 3. What happens if the machine signing the blobs is compromised? |
9 |
>> |
10 |
>> So, who's watching the watchers, right? Come on, this is getting |
11 |
>> looney. |
12 |
> |
13 |
> I'm just pointing out that this simply relies on trusting people. Much |
14 |
> like not having those signatures. |
15 |
> |
16 |
|
17 |
If you are so much worried about it, UEFI allows you to remove all keys |
18 |
and just add your own. That way, only code signed by you will be executed. |
19 |
|
20 |
And in the standard case, well, it is just as good (or bad) as the SSL |
21 |
certificate business. It's not a perfect system but it is better than |
22 |
having everyone using self-signed certificates or none at all. |
23 |
|
24 |
Regards, |
25 |
Florian Philipp |