
Fedora, secure boot, and an insecure future

Posted Jun 5, 2012 23:39 UTC (Tue) by neilbrown (subscriber, #359)
In reply to: Fedora, secure boot, and an insecure future by rahvin
Parent article: Fedora, secure boot, and an insecure future

I think you are saying that secure boot isn't really a solution, and I think I agree. However, it seems that there is still a problem, and I wonder if anyone has any ideas that might actually work.

One of the freedoms that I want for my computing experience is the freedom not to run any malware. I have enjoyed that so far largely because Windows is a much bigger target than Linux. However, that has not been a complete protection and will not necessarily continue to be any protection. Recent events show that with enough resources, almost anything is possible. Maybe my ethernet card already has a back-door that is allowing unfriendlies in.

One of the things that we do with software is to make unreliable systems more reliable. TCP does this for networks. RAID does this for storage. Multi-path does it for cabling. UPS does it for power (that isn't software though).

Is there some approach that can leverage redundancy or extra analysis or some extra strong segregation that is structurally immune to all non-physical-access attacks?

Or can we look forward to an unending arms race for control of our computers?


Fedora, secure boot, and an insecure future

Posted Jun 6, 2012 9:21 UTC (Wed) by steveriley (subscriber, #83540)

This is rather the opposite of the prevailing view that software requires a hardware root of trust (https://startpage.com/do/search?query=hardware+root+of+trust). Although I actually think you're onto something here. Must ponder this one for a bit...

Fedora, secure boot, and an insecure future

Posted Jun 6, 2012 12:23 UTC (Wed) by alonz (subscriber, #815)

Since when has “prevailing view” come to mean “right”…?

The security field is full of misconceptions, miscommunications, and improperly-understood ideas. This is one of the major examples: a hardware root-of-trust means that the principal who put his keys in the hardware module can trust (transitively) any software running on the device. But note that the extra security is only enjoyed by the owner of the keys—not by anyone else! So, unless you give the keys to the end-user (owner of the hardware), and trust them to determine what software is trustworthy and sign this software, you end up with a vendor-locked system. (And if you do trust the end-user, I have a bridge to sell you.)

(On the other hand, if you trust the vendor, I have another bridge…)

Secure boot is currently being sold as a magic security solution. It's not magic, and thus can't work as advertised; unfortunately, a good security solution will be more complex to engineer (and thus nobody has an incentive to develop it).

(Full disclosure: I am chief architect at a security solutions company.)

Fedora, secure boot, and an insecure future

Posted Jun 6, 2012 12:29 UTC (Wed) by hummassa (subscriber, #307)

> Secure boot is currently being sold as a magic security solution. It's not magic,

It's not security, and it's not a solution... :-) People still haven't understood that there is no such thing as shrink-wrapped security?? It is a process, not a product...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds