UEFI secure boot kernel restrictions

Posted Nov 9, 2012 12:05 UTC (Fri) by anselm (subscriber, #2796)
In reply to: UEFI secure boot kernel restrictions by ekj
Parent article: UEFI secure boot kernel restrictions

AFAIK the switch on an SD card doesn't actually physically prevent writing to the card; if engaged it's really more like a suggestion to the kernel to not allow writing to the card, so it wouldn't gain you additional security.



UEFI secure boot kernel restrictions

Posted Nov 9, 2012 12:28 UTC (Fri) by ekj (guest, #1524)

Yeah okay, in that case secure boot is as useful as making an SD card where the write-protect physical switch actually physically prevents writing to the card. I can't imagine that is difficult to do.

No changes to hardware or software beyond the SD-card itself needed.

So what is the point of secure boot? Why make something so simple (and so useless) so complicated? What's the point of the crypto and the checksums and all the mumble-jumble?

UEFI secure boot kernel restrictions

Posted Nov 9, 2012 15:45 UTC (Fri) by apoelstra (subscriber, #75205)

> AFAIK the switch on an SD card doesn't actually physically prevent writing to the card; if engaged it's really more like a suggestion to the kernel to not allow writing to the card, so it wouldn't gain you additional security.

This is correct, unfortunately. I don't know of any consumer media with hardware write protection (other than compact discs, which can be written only once...).

UEFI secure boot kernel restrictions

Posted Nov 9, 2012 23:45 UTC (Fri) by nix (subscriber, #2304)

Floppy disks!

(You didn't say the consumer media couldn't be decades obsolete...)

UEFI secure boot kernel restrictions

Posted Nov 10, 2012 1:56 UTC (Sat) by ABCD (subscriber, #53650)

There are USB thumb drives out there with write-protect switches that (at least supposedly) prevent the computer from writing to the drive. I don't know what would happen if the OS decided to ignore the write-protect switch and write anyway, though.


Copyright © 2017, Eklektix, Inc.