Gentoo Archives: gentoo-dev

From: Greg KH <gregkh@g.o>
To: "Michał Górny" <mgorny@g.o>
Cc: gentoo-dev@l.g.o, gregkh@g.o, lists@×××××××××××.net
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 17:58:06
In Reply to: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo by "Michał Górny"

On Sun, Jun 17, 2012 at 07:06:16PM +0200, Michał Górny wrote:
> On Sun, 17 Jun 2012 09:55:35 -0700
> Greg KH <gregkh@g.o> wrote:
>
> > On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
> > > 2. What happens if, say, your bootloader is compromised?
> >
> > And how would this happen? Your bootloader would not run.
>
> Yes. I'm asking what happens next. Is there an easy way to replace it?

I do not know, you need to test this on a UEFI secure boot system to see what happens.

> Or is your computer bricked until you run some other bootloader to
> replace the compromised one?
>
> > > 3. What happens if the machine signing the blobs is compromised?
> >
> > So, who's watching the watchers, right? Come on, this is getting
> > looney.
>
> I'm just pointing out that this simply relies on trusting people. Much
> like not having those signatures.

Of course, this is life, and should not be anything "new" to you or anyone else. And before you get upset, do you trust the "people" who implemented the firmware in your processor and I/O controllers? This argument is not one that is worth discussing.

greg k-h