Posted Sep 14, 2012 0:01 UTC (Fri) by hummassa (subscriber, #307)
In reply to: LSS: Secure Boot by mjg59
Parent article: LSS: Secure Boot
As was mentioned, this is not entirely true (unless hibernation or even suspension is disabled) because even if you have to sign the swap file or the restore image with a one-time-only key, the mentioned key has to be in memory, where malware can find it and use it to redo and re-sign the swapfile/restore-image, trigger a reboot, and open the door for a larger exploit to come in (all while it is running a certified, signed-with-Microsoft-approved-key OS that can even be Windows).
Repeating myself -> "Secure Boot" == "fake security", much worse than no security at all.
The only thing that will certainly come from Secure Boot is invasions of privacy and consumer rights violations in the form of DRM.
Posted Sep 14, 2012 0:14 UTC (Fri) by mjg59 (subscriber, #23239)
... which is, as mentioned, not the attack that we're especially worried about.
LSS: Secure Boot
Posted Sep 14, 2012 11:14 UTC (Fri) by hummassa (subscriber, #307)
> ... which is, as mentioned, not the attack that we're especially worried about.
Yeah, what people implementing "Secure" Boot &c seem to be especially worried about is to enable exactly the opposite of what Corbet described in this week's LWN first article:
> It is time to pay more attention to the copyright maximalist agenda and push back. Fair use rights must be asserted where they exist and created where they don't. The business concerns of the entertainment industry should not drive the design of our systems, our networks, and our international agreements.
...
> the system we use to ensure the freedom of our software can also take away our freedom on other fronts if we do not pay attention. A world where our right to express ourselves is moderated by somebody else's software — usually very proprietary software — is not what we have been working for.
Enough said.
Boot signing -- "secure" boot -- has a deep flaw: that (practically) all software is exploitable to do something it was not meant to do, and that it will be exploited by people with enough to gain by it.
LSS: Secure Boot
Posted Sep 14, 2012 13:07 UTC (Fri) by corbet (editor, #1)
Hmm... secure boot-like technologies certainly can play into the copyright maximalist agenda. It's not really a DRM technology, though, it's more of a general control technology — who has control over the systems we think we own? I believe the folks working on making Linux work in the secure environment are doing their best to ensure that the owners have control over their own systems. Secure boot can be used to do unpleasant things; it can also (at least try to) protect your system against the next Sony-style rootkit.
What everyone needs to know
Posted Sep 15, 2012 22:57 UTC (Sat) by CChittleborough (subscriber, #60775)
To understand the whole Secure-Boot-and-Linux kerfuffle at a high level, all you need to do is read the previous comment carefully.
(Notice that secure boot is an attempt to solve a real problem, not some dastardly plot by mustache-twirling villains, and has real advantages as well as real disadvantages.)
Changing topic: let's all try to avoid making Matthew Garrett's life any harder. Let's all be grateful he's working on this stuff, because we need his work.
LSS: Secure Boot
Posted Sep 22, 2012 23:15 UTC (Sat) by ballombe (subscriber, #9523)
Unless Sony gets its virus signed with the Microsoft key.
LSS: Secure Boot
Posted Sep 23, 2012 12:05 UTC (Sun) by raven667 (subscriber, #5198)
I don't think there is an incentive for them to do that; the money isn't anywhere near good enough.
LSS: Secure Boot
Posted Sep 23, 2012 14:16 UTC (Sun) by mjg59 (subscriber, #23239)
I don't understand what you're suggesting. Any binary can be revoked, regardless of who signed it.