Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
SD-cards already have hardware-write-protect switches on them, why not just put your kernel there, and set the bios to boot from the SD-card ?
UEFI secure boot kernel restrictions
Posted Nov 9, 2012 12:05 UTC (Fri) by anselm (subscriber, #2796)
AFAIK the switch on an SD card doesn't actually physically prevent writing to the card; if engaged it's really more like a suggestion to the kernel to not allow writing to the card, so it wouldn't gain you additional security.
Posted Nov 9, 2012 12:28 UTC (Fri) by ekj (guest, #1524)
No changes to hardware or software beyond the SD-card itself needed.
So what is the point of secure boot ? Why make something so simple (and so useless) so complicated ? What's the point of the crypto and the checksums and all the mumble-jumble ?
Posted Nov 9, 2012 15:45 UTC (Fri) by apoelstra (subscriber, #75205)
This is correct, unfortunately. I don't know of any consumer media with hardware write protection (other than compact discs, which can be written only once..).
Posted Nov 9, 2012 23:45 UTC (Fri) by nix (subscriber, #2304)
(You didn't say the consumer media couldn't be decades obsolete...)
Posted Nov 10, 2012 1:56 UTC (Sat) by ABCD (subscriber, #53650)
Posted Nov 10, 2012 0:32 UTC (Sat) by bjencks (subscriber, #80303)
Posted Nov 10, 2012 1:36 UTC (Sat) by hummassa (subscriber, #307)
Posted Nov 11, 2012 20:50 UTC (Sun) by bjencks (subscriber, #80303)
And if you do use Windows (which several hundred million people do), trusting Microsoft is pretty sensible.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds