Fedora, secure boot, and an insecure future
Posted Jun 6, 2012 12:23 UTC (Wed) by alonz
In reply to: Fedora, secure boot, and an insecure future
Parent article: Fedora, secure boot, and an insecure future
Since when has “prevailing view” come to mean “right”…?
The security field is full of misconceptions, miscommunications, and improperly understood ideas. This is one of the major examples: a hardware root-of-trust means that the principal who put his keys in the hardware module can trust (transitively) any software running on the device. But note that the extra security is only enjoyed by the owner of the keys—not by anyone else! So, unless you give the keys to the end-user (owner of the hardware), and trust them to determine what software is trustworthy and sign this software, you end up with a vendor-locked system. (And if you do trust the end-user, I have a bridge to sell you.)
(On the other hand, if you trust the vendor, I have another bridge…)
Secure boot is currently being sold as a magic security solution. It's not magic, and thus can't work as advertised; unfortunately, a good security solution will be more complex to engineer (and thus nobody has an incentive to develop it).
(Full disclosure: I am chief architect at a security solutions company.)
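An added illustration of the transitive-trust point above (example code, not from the comment, Fedora, or any real firmware): a toy Go model of a signed boot chain in which the hardware root holds an enrolled key database and each stage vouches for the keys the next stage may be signed with, much as shim embeds a certificate. `Stage`, `Sign` and `Verify` are constructed names and the images are constructed byte strings; whoever controls the enrolled keys decides what boots, and nobody else gains anything from the check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Stage is one link in a boot chain: an image, its signature, and the keys the
// image will accept for the next link. Constructed model, not a real UEFI format.
type Stage struct {
	Image []byte
	Sig   []byte
	Next  []ed25519.PublicKey // keys this stage vouches for downstream
}

// Sign builds a stage signed by priv that hands trust on to the keys in next.
func Sign(img []byte, priv ed25519.PrivateKey, next ...ed25519.PublicKey) Stage {
	return Stage{img, ed25519.Sign(priv, img), next}
}

// Verify walks the chain. The hardware root trusts only the enrolled keys; each
// later stage is judged by the keys the previous stage vouched for, so trust flows
// transitively from whoever enrolled the keys. Returns -1 on success, else the
// index of the first rejected stage.
func Verify(enrolled []ed25519.PublicKey, chain []Stage) int {
	trusted := enrolled
	for i, s := range chain {
		ok := false
		for _, k := range trusted {
			if ed25519.Verify(k, s.Image, s.Sig) {
				ok = true
				break
			}
		}
		if !ok {
			return i
		}
		trusted = s.Next
	}
	return -1
}

func main() {
	vPub, vPriv, _ := ed25519.GenerateKey(rand.Reader) // vendor's key
	oPub, oPriv, _ := ed25519.GenerateKey(rand.Reader) // end-user's key
	vendorShim := Sign([]byte("vendor shim"), vPriv, vPub)     // vouches for the vendor only
	ownerShim := Sign([]byte("owner shim"), oPriv, oPub, vPub) // owner picks whom to trust
	ownerKernel := Sign([]byte("owner-built kernel"), oPriv)
	fmt.Println("vendor key enrolled, owner kernel rejected at stage", Verify([]ed25519.PublicKey{vPub}, []Stage{vendorShim, ownerKernel}))
	fmt.Println("owner key enrolled, owner kernel boots:", Verify([]ed25519.PublicKey{oPub}, []Stage{ownerShim, ownerKernel}) == -1)
}
```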