1 |
On Sun, Jun 17, 2012 at 07:06:16PM +0200, Michał Górny wrote: |
2 |
> On Sun, 17 Jun 2012 09:55:35 -0700 |
3 |
> Greg KH <gregkh@g.o> wrote: |
4 |
> |
5 |
> > On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote: |
6 |
> > > 2. What happens if, say, your bootloader is compromised? |
7 |
> > |
8 |
> > And how would this happen? Your bootloader would not run. |
9 |
> |
10 |
> Yes. I'm asking what happens next. Is there an easy way to replace it? |
11 |
|
12 |
I do not know, you need to test this on a UEFI secure boot system to see |
13 |
what happens. |
14 |
|
15 |
> Or is your computer bricked until you run some other bootloader to |
16 |
> replace the compromised one? |
17 |
|
18 |
Probably. |
19 |
|
20 |
> > > 3. What happens if the machine signing the blobs is compromised? |
21 |
> > |
22 |
> > So, who's watching the watchers, right? Come on, this is getting |
23 |
> > looney. |
24 |
> |
25 |
> I'm just pointing out that this simply relies on trusting people. Much |
26 |
> like not having those signatures. |
27 |
|
28 |
Of course, this is life, and should not be anything "new" to you or |
29 |
anyone else. |
30 |
|
31 |
And before you get upset, do you trust the "people" who implemented the |
32 |
firmware in your processor and I/O controllers? This argument is not |
33 |
one that is worth discussing. |
34 |
|
35 |
greg k-h |