Re: [GIT PULL] Load keys from signed PE binaries [LWN.net]

From:		Theodore Ts'o <tytso-AT-mit.edu>
To:		Matthew Garrett <mjg59-AT-srcf.ucam.org>
Subject:		Re: [GIT PULL] Load keys from signed PE binaries
Date:		Mon, 25 Feb 2013 22:25:08 -0500
Message-ID:		<20130226032508.GA12906@thunk.org>
Cc:		Greg KH <gregkh-AT-linuxfoundation.org>, David Howells <dhowells-AT-redhat.com>, Florian Weimer <fw-AT-deneb.enyo.de>, Linus Torvalds <torvalds-AT-linux-foundation.org>, Josh Boyer <jwboyer-AT-redhat.com>, Peter Jones <pjones-AT-redhat.com>, Vivek Goyal <vgoyal-AT-redhat.com>, Kees Cook <keescook-AT-chromium.org>, keyrings-AT-linux-nfs.org, Linux Kernel Mailing List <linux-kernel-AT-vger.kernel.org>
Archive-link:		Article, Thread

On Tue, Feb 26, 2013 at 03:13:38AM +0000, Matthew Garrett wrote:
> 
> Because Microsoft have indicated that they'd be taking a reactive 
> approach to blacklisting and because, so far, nobody has decided to 
> write the trivial proof of concept that demonstrates the problem.

Microsoft would take a severe hit both from a PR perspective, as well
as incurring significant legal risks if they did that in certain
jourisdictions --- in particular, I suspect in Europe, if Microsoft
were to break the ability of Linux distributions from booting, it
would be significantly frowned upon.

So Microsoft may have privately threatened this to certain Red Hat
attendees (threats are cheap, but it's not obvious that they would
necessarily follow through on this threat.

						- Ted

(Log in to post comments)