
A motherly request

A motherly request

Posted Nov 21, 2012 9:38 UTC (Wed) by Wol (guest, #4433)
In reply to: A motherly request by davidescott
Parent article: Bottomley: Adventures in Microsoft UEFI Signing

Well, actually, as I understood it we have a bootloader. A SINGLE file, which gets loaded and cryptographically checked. And if it's correct, it gets executed.

Seeing as we are asking for a single file to be signed, why can't we upload that file as itself, rather than an archive? It's all very well saying "MS should use an open packaging standard", but why - if it's just one file - does it need to be packaged at all?

If I'm sending stuff to my friends, it's usually single files, and I don't bother packing them.

Cheers,
Wol


(Log in to post comments)

A motherly request

Posted Nov 21, 2012 12:23 UTC (Wed) by khim (subscriber, #9252) [Link]

Seeing as we are asking for a single file to be signed, why can't we upload that file as itself, rather than an archive? It's all very well saying "MS should use an open packaging standard", but why - if it's just one file - does it need to be packaged at all?

Sure, if you want to create a service which just signs random sequences of bytes without any verification then this approach will work just fine - but this will kind of defeat the purpose: anyone will be able to sign any kind of junk in this case, thus you can just rip out the whole signature checking process: it'll be more honest, surely.

But of course Microsoft is not crazy: its process includes two parts (actually more, but it should include at least two). You've forgotten about a vital, yet extremely important part of the whole process: first we must make sure the file presented has actually come from a trusted source (from someone who's gotten the certificate and signed some papers) and then we need to sign it with Microsoft's key.

Well, actually, as I understood it we have a bootloader. A SINGLE file, which gets loaded and cryptographically checked. And if it's correct, it gets executed.

That's for the second part of the process. The first part (which checks the credentials) is generic - as it should be (you should not invent new cryptoprocedures unless you must). And for that part a signed CAB makes perfect sense: this is a format designed for just such a use, after all!

If I'm sending stuff to my friends, it's usually single files, and I don't bother packing them.

And how exactly do you prevent forgery in this case? You use PGP, S/MIME, or some other container format which adds the signature, don't you? Well, Microsoft prefers signed CAB for obvious reasons.
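As an added illustration of the two-part process described in the reply above (this is not code from LWN, from either commenter, or from Microsoft's actual signing service): a small Go model in which the upload container carries the submitter's own signature, the service checks that signature against a registry of vetted submitters before countersigning with its key, and the boot path checks only the service's signature. The `Submission` struct, `SigningService`, and Ed25519 are assumptions standing in for the signed CAB, the real vetting workflow, and its key types; the bootloader bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Submission stands in for the signed CAB: one payload file plus the
// submitter's identity and the submitter's signature over that payload.
// (Constructed for this example; CAB's actual layout is not reproduced.)
type Submission struct {
	SubmitterID string
	Payload     []byte // the single bootloader file
	Signature   []byte // submitter's signature over Payload; nil for a bare upload
}

// SigningService models the two-part process: a registry of vetted
// submitters (those who obtained a certificate and "signed some papers")
// and the service's own signing key, which is the only key firmware trusts.
type SigningService struct {
	registry map[string]ed25519.PublicKey
	priv     ed25519.PrivateKey
	Pub      ed25519.PublicKey
}

var (
	ErrUnknownSubmitter = errors.New("submitter is not registered")
	ErrBadSubmission    = errors.New("submitter signature does not verify")
)

func NewSigningService() (*SigningService, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SigningService{registry: map[string]ed25519.PublicKey{}, priv: priv, Pub: pub}, nil
}

// Register records a vetted submitter's public key (the credential step).
func (s *SigningService) Register(id string, pub ed25519.PublicKey) {
	s.registry[id] = pub
}

// Sign performs both parts: authenticate the submitter, then countersign.
// A bare file, an unknown submitter, or a tampered payload never reaches step two.
func (s *SigningService) Sign(sub Submission) ([]byte, error) {
	pub, ok := s.registry[sub.SubmitterID]
	if !ok {
		return nil, ErrUnknownSubmitter
	}
	// ed25519.Verify returns false for a nil or wrong-length signature,
	// so a bare (unsigned) upload is rejected here rather than panicking.
	if !ed25519.Verify(pub, sub.Payload, sub.Signature) {
		return nil, ErrBadSubmission
	}
	return ed25519.Sign(s.priv, sub.Payload), nil
}

// MakeSubmission is the submitter's side: wrap the file with its signature.
func MakeSubmission(id string, priv ed25519.PrivateKey, payload []byte) Submission {
	return Submission{SubmitterID: id, Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// FirmwareCheck is the only check the boot path performs: does the
// service's signature verify over the file that was loaded?
func FirmwareCheck(servicePub ed25519.PublicKey, payload, sig []byte) bool {
	return ed25519.Verify(servicePub, payload, sig)
}

func main() {
	svc, err := NewSigningService()
	if err != nil {
		panic(err)
	}
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	svc.Register("distro-vendor", vendorPub)

	bootloader := []byte("constructed stand-in for a bootloader image")

	// Bare upload: nothing ties it to a vetted submitter, so it is refused.
	_, err = svc.Sign(Submission{SubmitterID: "distro-vendor", Payload: bootloader})
	fmt.Println("bare file refused:", err)

	// Wrapped upload from a registered submitter: countersigned, firmware accepts.
	sig, err := svc.Sign(MakeSubmission("distro-vendor", vendorPriv, bootloader))
	fmt.Println("wrapped file signed:", err == nil,
		"firmware accepts:", FirmwareCheck(svc.Pub, bootloader, sig))
}
```

The point the model makes concrete: the container is not there for the firmware, which only ever checks the service's signature over the single file; it is there so the service can tell a vetted submitter's upload from anyone else's before it lends that upload its own key.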


Copyright © 2017, Eklektix, Inc.