The Reg has a story on this from a blog post by Red Hat. It may be worth a
read:
http://www.theregister.co.uk/2012/01/18/windows_8_linux_secure_boot/
On Sun, Jun 17, 2012 at 4:30 PM, Florian Philipp wrote:
> Am 17.06.2012 20:56, schrieb Sascha Cunz:
>> I was under the impression that it should at least help in that scenario.
>> OTOH, if it takes a compromised system or physical access to the machine in
>> order to manipulate the boot sequence,
Am 17.06.2012 20:56, schrieb Sascha Cunz:
> On Sunday, 17. June 2012 20:00:51 Florian Philipp wrote:
>> Am 17.06.2012 19:34, schrieb Sascha Cunz:
>>> [...]
>>>
It doesn't. It's just a very long wooden fence; you just didn't find
the hole yet.
>>>
>>> Given the fact that the keys in the BI
Sascha Cunz writes:
> You've said yourself, that "some removable media might not require
> signatures"
> in order to boot. Well, if that is the case, then isn't this defeating the
> whole point of Secure Boot at that stage?
Not necessarily. As has been stated previously, secure boot is not
in
On Sunday, 17. June 2012 20:00:51 Florian Philipp wrote:
> Am 17.06.2012 19:34, schrieb Sascha Cunz:
> > [...]
> >
> >> It doesn't. It's just a very long wooden fence; you just didn't find
> >> the hole yet.
> >
> > Given the fact that the keys in the BIOS must somehow get there and it
> > must
>
Am 17.06.2012 19:34, schrieb Sascha Cunz:
> [...]
>
>> It doesn't. It's just a very long wooden fence; you just didn't find
>> the hole yet.
>
> Given the fact that the keys in the BIOS must somehow get there and it must
> also be able to update them (how to revoke or add keys else?).
>
> Unles
On Sun, Jun 17, 2012 at 07:06:16PM +0200, Michał Górny wrote:
> On Sun, 17 Jun 2012 09:55:35 -0700
> Greg KH wrote:
>
> > On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
> > > 2. What happens if, say, your bootloader is compromised?
> >
> > And how would this happen? Your bootload
On Sun, Jun 17, 2012 at 1:34 PM, Sascha Cunz wrote:
>
> Given the fact that the keys in the BIOS must somehow get there and it must
> also be able to update them (how to revoke or add keys else?).
Based on what I've read the keys are stored in flash. The flash
module itself is protected. There
Am 17.06.2012 19:10, schrieb Michał Górny:
> On Sun, 17 Jun 2012 12:56:34 -0400
> Matthew Finkel wrote:
>
>> On Sun, Jun 17, 2012 at 11:51 AM, Michał Górny
>> wrote:
>>> 1. How does it increase security?
>>>
>> This removed a few vectors of attack and ensures your computer is only
>> bootstrappe
[...]
> It doesn't. It's just a very long wooden fence; you just didn't find
> the hole yet.
Given the fact that the keys in the BIOS must somehow get there and it must
also be able to update them (how to revoke or add keys else?).
Unless this is completely done in hardware, there must be a sof
Am 17.06.2012 19:06, schrieb Michał Górny:
> On Sun, 17 Jun 2012 09:55:35 -0700
> Greg KH wrote:
>
>> On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
[...]
>
>>> 3. What happens if the machine signing the blobs is compromised?
>>
>> So, who's watching the watchers, right? Come on,
Greg KH wrote:
> On Sat, Jun 16, 2012 at 06:37:41PM -0500, Steev Klimaszewski wrote:
>> Just picking a random response to reply to. I'm not speaking
>> officially, however, I'm pretty sure we at Genesi aren't going to pay
>> Microsoft in order to boot our own boards.
> If you don't want your board
On Sun, Jun 17, 2012 at 1:06 PM, Michał Górny wrote:
> On Sun, 17 Jun 2012 09:55:35 -0700
> Greg KH wrote:
>
>> On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
>> > 2. What happens if, say, your bootloader is compromised?
>>
>> And how would this happen? Your bootloader would not r
On Sun, 17 Jun 2012 12:56:34 -0400
Matthew Finkel wrote:
> On Sun, Jun 17, 2012 at 11:51 AM, Michał Górny
> wrote:
> > 1. How does it increase security?
> >
> This removed a few vectors of attack and ensures your computer is only
> bootstrapped by and booted using software you think is safe. By
On Sun, 17 Jun 2012 09:55:35 -0700
Greg KH wrote:
> On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
> > 2. What happens if, say, your bootloader is compromised?
>
> And how would this happen? Your bootloader would not run.
Yes. I'm asking what happens next. Is there an easy way t
On Sat, Jun 16, 2012 at 06:37:41PM -0500, Steev Klimaszewski wrote:
> Just picking a random response to reply to. I'm not speaking
> officially, however, I'm pretty sure we at Genesi aren't going to pay
> Microsoft in order to boot our own boards.
If you don't want your boards to be Windows 8 cer
On Sun, Jun 17, 2012 at 11:51 AM, Michał Górny wrote:
> On Sun, 17 Jun 2012 11:20:38 +0200
> Florian Philipp wrote:
>
> > Am 16.06.2012 19:51, schrieb Michał Górny:
> > > On Fri, 15 Jun 2012 09:54:12 +0200
> > > Florian Philipp wrote:
> > >
> > >> Am 15.06.2012 06:50, schrieb Duncan:
> > >>> Gr
On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
> On Sun, 17 Jun 2012 11:20:38 +0200
> Florian Philipp wrote:
>
> > Am 16.06.2012 19:51, schrieb Michał Górny:
> > > On Fri, 15 Jun 2012 09:54:12 +0200
> > > Florian Philipp wrote:
> > >
> > >> Am 15.06.2012 06:50, schrieb Duncan:
>
On Sun, 17 Jun 2012 11:20:38 +0200
Florian Philipp wrote:
> Am 16.06.2012 19:51, schrieb Michał Górny:
> > On Fri, 15 Jun 2012 09:54:12 +0200
> > Florian Philipp wrote:
> >
> >> Am 15.06.2012 06:50, schrieb Duncan:
> >>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
> >>>
> >>
Am 16.06.2012 19:51, schrieb Michał Górny:
> On Fri, 15 Jun 2012 09:54:12 +0200
> Florian Philipp wrote:
>
>> Am 15.06.2012 06:50, schrieb Duncan:
>>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
>>>
So, anyone been thinking about this? I have, and it's not pretty.
>
Matthew Summers posted on Sat, 16 Jun 2012 18:52:31 -0500 as excerpted:
> Pardon my ignorance, but will we be requires to sign the boot
> loader/kernel on our install media for a Win8 machine to boot the iso?
This was one of the issues covered early on. Unless it has changed, no.
Booting exter
Just picking a random response to reply to. I'm not speaking
officially, however, I'm pretty sure we at Genesi aren't going to pay
Microsoft in order to boot our own boards.
On Fri, 15 Jun 2012 09:54:12 +0200
Florian Philipp wrote:
> Am 15.06.2012 06:50, schrieb Duncan:
> > Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
> >
> >> So, anyone been thinking about this? I have, and it's not pretty.
> >>
> >> Should I worry about this and how it affects
Am 15.06.2012 14:28, schrieb Walter Dnes:
> On Fri, Jun 15, 2012 at 09:54:12AM +0200, Florian Philipp wrote
>
>> I guess anti-trust is not an issue since MS is not even close to having
>> a monopoly in ARM.
>
> Will you be able to get an ARM machine without their UEFI? If MS
> ever gets huge i
On Fri, Jun 15, 2012 at 09:54:12AM +0200, Florian Philipp wrote
> I guess anti-trust is not an issue since MS is not even close to having
> a monopoly in ARM.
Will you be able to get an ARM machine without their UEFI? If MS
ever gets huge in the ARM arena, and 95% of ARM cpus go into Windows
m
Am 15.06.2012 06:50, schrieb Duncan:
> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
>
>> So, anyone been thinking about this? I have, and it's not pretty.
>>
>> Should I worry about this and how it affects Gentoo, or not worry about
>> Gentoo right now and just focus on the oth
On Fri, Jun 15, 2012 at 12:50 AM, Duncan <1i5t5.dun...@cox.net> wrote:
> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
>
> > So, anyone been thinking about this? I have, and it's not pretty.
> >
> > Should I worry about this and how it affects Gentoo, or not worry about
> > Gent
Arun Raghavan posted on Fri, 15 Jun 2012 10:15:28 +0530 as excerpted:
> I guess we're in an especially bad position since everybody builds their
> own bootloader. Is there /any/ viable solution that allows people to
> continue doing this short of distributing a first-stage bootloader blob?
As I s
Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
> So, anyone been thinking about this? I have, and it's not pretty.
>
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
>
> Minor details like, "do we h
29 matches
Mail list logo
