Fedora, secure boot, and an insecure future

Posted Jun 6, 2012 12:23 UTC (Wed) by alonz (subscriber, #815)
In reply to: Fedora, secure boot, and an insecure future by steveriley
Parent article: Fedora, secure boot, and an insecure future

Since when has “prevailing view” come to mean “right”…?

The security field is full of misconceptions, miscommunications, and improperly-understood ideas. This is one of the major examples: a hardware root-of-trust means that the principal who put his keys in the hardware module can trust (transitively) any software running on the device. But note that the extra security is only enjoyed by the owner of the keys—not by anyone else! So, unless you give the keys to the end-user (owner of the hardware), and trust them to determine what software is trustworthy and sign this software, you end up with a vendor-locked system. (And if you do trust the end-user, I have a bridge to sell you.)

(On the other hand, if you trust the vendor, I have another bridge…)

Secure boot is currently being sold as a magic security solution. It's not magic, and thus can't work as advertised; unfortunately, a good security solution will be more complex to engineer (and thus nobody has an incentive to develop it).

(Full disclosure: I am chief architect at a security solutions company.)



Fedora, secure boot, and an insecure future

Posted Jun 6, 2012 12:29 UTC (Wed) by hummassa (subscriber, #307)

> Secure boot is currently being sold as a magic security solution. It's not magic,

It's not security, and it's not a solution... :-) People still did not understand that there is no such thing as shrink-wrapped security?? It is a process, not a product...
