LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Garrett: Secure Boot and Restricted Boot

Garrett: Secure Boot and Restricted Boot

Posted Apr 7, 2013 12:13 UTC (Sun) by hummassa (subscriber, #307)
In reply to: Garrett: Secure Boot and Restricted Boot by kleptog
Parent article: Garrett: Secure Boot and Restricted Boot

My sistematic opposition to "secure" boot is based on the following argument:

1. yes, it *is* a (small) beachhead; BUT
2. it is a very strategic and hijack-able beachhead that can be used by a third player (not you nor the malware author) to support this third players's interests in detriment of yours; AND
3. it is a somewhat useless beachhead because you cannot secure the post-boot env enough.

(Log in to post comments)

Garrett: Secure Boot and Restricted Boot

Posted Apr 7, 2013 16:10 UTC (Sun) by raven667 (subscriber, #5198) [Link]

> strategic and hijack-able beachhead

How is that supposed to work?

Garrett: Secure Boot and Restricted Boot

Posted Apr 7, 2013 17:34 UTC (Sun) by hummassa (subscriber, #307) [Link]

By flipping the theoretical bit that separates "secure" boot from "restricted" boot. Then the only bootable things will be those that are approved by the third party (the original hw's OS vendor, in casu, Microsoft).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds