| 1 |
On 15 June 2012 10:26, Greg KH <gregkh@g.o> wrote: |
| 2 |
> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote: |
| 3 |
>> On 15 June 2012 09:58, Greg KH <gregkh@g.o> wrote: |
| 4 |
>> > So, anyone been thinking about this? I have, and it's not pretty. |
| 5 |
>> > |
| 6 |
>> > Should I worry about this and how it affects Gentoo, or not worry about |
| 7 |
>> > Gentoo right now and just focus on the other issues? |
| 8 |
>> |
| 9 |
>> I think it at least makes sense to talk about it, and work out what we |
| 10 |
>> can and cannot do. |
| 11 |
>> |
| 12 |
>> I guess we're in an especially bad position since everybody builds |
| 13 |
>> their own bootloader. Is there /any/ viable solution that allows |
| 14 |
>> people to continue doing this short of distributing a first-stage |
| 15 |
>> bootloader blob? |
| 16 |
> |
| 17 |
> Distributing a first-stage bootloader blob, that is signed by Microsoft, |
| 18 |
> or someone, seems to be the only way to easily handle this. |
| 19 |
> |
| 20 |
> Although all BIOSes will have the option to turn secure boot off, I |
| 21 |
> think it is something that we might not want to require for Gentoo to |
| 22 |
> work properly on those machines. |
| 23 |
> |
| 24 |
> Also, some people might really want to sign their own bootloader and |
| 25 |
> kernel, and kernel modules (myself included), so just getting that basic |
| 26 |
> infrastructure in place is going to take some work, no matter who ends |
| 27 |
> up signing the first-stage bootloader blob. |
| 28 |
|
| 29 |
I hadn't thought of that. I imagine the hardened team might be |
| 30 |
interested in making such infrastructure easily available as well. |
| 31 |
|
| 32 |
> Oh, and on the first-stage bootloader front, I already know of 2 simple, |
| 33 |
> and open source, examples that will work for Linux, so getting something |
| 34 |
> like that signed might not be very tough. It's the "where does the |
| 35 |
> chain-of-trust stop" question that gets tricky... |
| 36 |
|
| 37 |
For validating the chain of trust, it might be useful to make it |
| 38 |
possible for anyone to generate the same bootloader and verify the |
| 39 |
hashes themselves. For the truly paranoid maybe a signed stage3 + |
| 40 |
portage snapshot to generate the bootloader image from scratch. |
| 41 |
|
| 42 |
>> > Minor details like, "do we have a 'company' that can pay Microsoft to |
| 43 |
>> > sign our bootloader?" is one aspect from the non-technical side that I've |
| 44 |
>> > been wondering about. |
| 45 |
>> |
| 46 |
>> Sounds like something the Gentoo Foundation could do. |
| 47 |
> |
| 48 |
> Can they do that? I haven't been paying attention to if we are really a |
| 49 |
> legal entity still or not, sorry. |
| 50 |
|
| 51 |
I believe so, but quantumsummers is likely the best person to confirm. |
| 52 |
|
| 53 |
-- |
| 54 |
Arun Raghavan |
| 55 |
http://arunraghavan.net/ |
| 56 |
(Ford_Prefect | Gentoo) & (arunsr | GNOME) |
Archives