User: Password:
Subscribe / Log in / New account

Present user test

Present user test

Posted Oct 11, 2012 13:27 UTC (Thu) by gidoca (subscriber, #62438)
In reply to: Present user test by epa
Parent article: The Linux Foundation's UEFI secure boot system

How is plugging a USB device not a manual intervention?

(Log in to post comments)

Present user test

Posted Oct 11, 2012 14:33 UTC (Thu) by pjones (subscriber, #31722) [Link]

There's no distinction at system bootup between plugging a device in and already having a device plugged in.

Present user test

Posted Oct 11, 2012 14:45 UTC (Thu) by pjones (subscriber, #31722) [Link]

To elaborate - current generation systems don't enumerate USB in the firmware unless there's a reason to - either you've got a boot entry that points to a usb device or your software calls ReadKeyStroke()/WaitForKey()/etc. So the point at which you want to say "I'm waiting for this device to be inserted" would wind up being right after you've asked it to enumerate the USB bus. At that point, if the device is already inserted, you're still going to get a new event when it shows up. There's no distinction.

Present user test

Posted Oct 11, 2012 14:52 UTC (Thu) by epa (subscriber, #39769) [Link]

I meant there is no need for manual intervention at every startup. So you can install Linux on your server without worrying about it being stuck at a menu every time it reboots.

Clearly, if you can plug in a USB key then you have physical access to the machine. The criterion for defeating malware is surely that you can't change the bootloader without physical access. Somebody with that access could equally well install a keylogger or (in principle) just replace the motherboard with a trojaned one.

In fact, you could argue that physically plugging something in is how it should have worked from the beginning. Like an old Nintendo console, your PC or tablet device could come with a Windows cartridge installed, and if you want to boot something else you have to remove that and plug in a different cartridge (which may still allow booting Windows if you wish). Unfortunately that would make the devices a couple of dollars more expensive, so we have these shenanigans with signed bootloaders instead.

Present user test

Posted Oct 11, 2012 15:09 UTC (Thu) by raven667 (subscriber, #5198) [Link]

Actually that sounds a lot like the smartcards used for satellite TV decryption. That would have been an interesting direction for the industry to go in.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds