'You have to divulge your private key' meme

Posted Jul 4, 2012 3:34 UTC (Wed) by mjg59 (subscriber, #23239)
In reply to: 'You have to divulge your private key' meme by Richard_J_Neill
Parent article: The FSF's advice to distributors on UEFI secure boot

> Who gets to decide?

Anyone with a key in KEK, so typically Microsoft and the system vendor.

> most of the effort is going into following the letter but not the spirit of the process.

That's not what we're doing in Fedora. If we're going to implement this then we might as well make it useful.

'You have to divulge your private key' meme

Posted Jul 4, 2012 17:05 UTC (Wed) by Richard_J_Neill (subscriber, #23093)

>> Who gets to decide?

> Anyone with a key in KEK, so typically Microsoft and the system vendor.

Wouldn't that be monumentally anticompetitive? If (say) Ubuntu were to get a large installed base, and then somehow their private key became compromised, then for MS to revoke the key would prevent the existing (non-updated) Ubuntu installations from booting. If Ubuntu made it clear that they didn't want the revocation to occur (i.e. that they would prefer 10 million systems to keep booting, even without the negligible protection conferred by the key), isn't that grounds for a monumental lawsuit?

'You have to divulge your private key' meme

Posted Jul 4, 2012 17:43 UTC (Wed) by mjg59 (subscriber, #23239)

If one OS signed with the Microsoft key is compromised then they're all compromised - you'd just use the compromised OS to attack any of the others. So if Ubuntu ship a bootloader that allows arbitrary code to be executed, it's not just 10 million Ubuntu machines that are affected. You'd have to ask a lawyer to get a good idea about whether it's anticompetitive, though.
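The two points mjg59 makes above (revocation is decided by whoever holds a key in KEK, and the firmware boots anything validly signed by a db key no matter what that image does, so one compromised signed loader exposes every signed OS) can be played out in a toy model of the Secure Boot key databases. This is an added example, not code from the thread, from LWN or from any firmware or distribution: the KEK/db/dbx variables are in-memory maps, ed25519 stands in for the X.509/PKCS#7 signatures real firmware checks, PK is left out because it only authorises KEK changes the model never makes, and the key names, image bodies and the Scenario/Outcome types are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Signed doubles as a signed bootloader image and as a signed dbx update.
type Signed struct {
	Msg    []byte            // image body, or (for a dbx update) the hex hash to revoke
	Signer ed25519.PublicKey
	Sig    []byte
}

// KeyStore is a constructed stand-in for the Secure Boot variables. Real
// firmware holds X.509 certs and SHA-256 hashes in EFI_SIGNATURE_LISTs.
type KeyStore struct {
	KEK map[string]bool // raw public keys whose signature authorises a db/dbx write
	db  map[string]bool // raw public keys whose images are allowed to boot
	dbx map[string]bool // revoked image hashes (hex SHA-256)
}

func hashHex(b []byte) string {
	h := sha256.Sum256(b)
	return hex.EncodeToString(h[:])
}

// Sign is what a CA does to a submitted image, or an updater to a dbx entry.
func Sign(priv ed25519.PrivateKey, msg []byte) Signed {
	return Signed{Msg: msg, Signer: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, msg)}
}

// VerifyBoot is the firmware's decision: refuse anything in dbx, otherwise
// boot anything validly signed by a db key. It never asks what the image
// does, so a shim that loads arbitrary code passes like a well-behaved one.
func VerifyBoot(ks *KeyStore, img Signed) error {
	if ks.dbx[hashHex(img.Msg)] {
		return errors.New("image hash is in dbx")
	}
	if !ks.db[string(img.Signer)] {
		return errors.New("signer is not in db")
	}
	if !ed25519.Verify(img.Signer, img.Msg, img.Sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// ApplyDbxUpdate accepts the write only if signed by a KEK key: the "who gets
// to decide" rule. A distributor with no KEK entry can neither revoke nor veto.
func ApplyDbxUpdate(ks *KeyStore, u Signed) error {
	if !ks.KEK[string(u.Signer)] {
		return errors.New("updater is not in KEK; write rejected")
	}
	if !ed25519.Verify(u.Signer, u.Msg, u.Sig) {
		return errors.New("update signature does not verify")
	}
	ks.dbx[string(u.Msg)] = true
	return nil
}

type Outcome struct {
	DistroBootsBefore, DistroCanRevoke, MSCanRevoke, DistroBootsAfter, OtherMSBootsAfter bool
}

// Scenario plays out the thread's hypothetical with freshly generated keys:
// the Microsoft CA key is in KEK and db, a system vendor key is in KEK, and
// the distributor has no KEK entry since its shim was signed by Microsoft.
func Scenario() Outcome {
	msPub, msPriv, _ := ed25519.GenerateKey(rand.Reader)
	vendorPub, _, _ := ed25519.GenerateKey(rand.Reader)
	_, distroPriv, _ := ed25519.GenerateKey(rand.Reader)
	ks := &KeyStore{
		KEK: map[string]bool{string(msPub): true, string(vendorPub): true},
		db:  map[string]bool{string(msPub): true},
		dbx: map[string]bool{},
	}
	distroShim := Sign(msPriv, []byte("distro shim that loads anything")) // constructed image body
	otherLoader := Sign(msPriv, []byte("some other OS's bootloader"))     // constructed image body
	h := []byte(hashHex(distroShim.Msg))
	var o Outcome
	o.DistroBootsBefore = VerifyBoot(ks, distroShim) == nil
	o.DistroCanRevoke = ApplyDbxUpdate(ks, Sign(distroPriv, h)) == nil // no KEK entry: rejected
	o.MSCanRevoke = ApplyDbxUpdate(ks, Sign(msPriv, h)) == nil         // KEK holder: accepted
	o.DistroBootsAfter = VerifyBoot(ks, distroShim) == nil
	o.OtherMSBootsAfter = VerifyBoot(ks, otherLoader) == nil // only the listed hash was revoked
	return o
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

Running it prints DistroBootsBefore and MSCanRevoke true, DistroCanRevoke and DistroBootsAfter false, and OtherMSBootsAfter true. The distributor's own key is irrelevant to the firmware here, since its shim carries Microsoft's signature; the only key that matters for revoking it is one in KEK, and a dbx entry for a single hash leaves every other Microsoft-signed loader bootable. The mirror image is the risk mjg59 describes: until that hash is revoked, VerifyBoot has no way to tell a shim that executes arbitrary code from any other image signed by the same db key.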

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds