|
|
Subscribe / Log in / New account

Garrett: Linux kernel lockdown, integrity, and confidentiality

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 30, 2020 22:15 UTC (Thu) by AngryChris (guest, #74783)
In reply to: Garrett: Linux kernel lockdown, integrity, and confidentiality by rahulsundaram
Parent article: Garrett: Linux kernel lockdown, integrity, and confidentiality

>> Because when you buy a device you don't get to recompile the kernel, and for some devices it is completely impossible to replace the kernel with one that has the configuration you want it to have.

>Sounds like some sort of restricted hardware problem than a kernel problem

You're exactly right. This mechanism simply enforces SecureBoot across the running kernel. This is the kind of thing you *want* if you want SecureBoot enabled. You can disable SecureBoot and disable this feature. The only problem is if the device doesn't let you disable SecureBoot. But that's a problem with the device, not the kernel.

People are looking for persecution where none exists.

to post comments

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted Apr 30, 2020 23:26 UTC (Thu) by pizza (subscriber, #46) [Link] (1 responses)

> This is the kind of thing you *want* if you want SecureBoot enabled.

Absolutely! It's great.. if you're the device owner. But if you don't have the technical ability to disable SecureBoot, you're not the device owner, which raises all sorts of problems with calling the "purchase transaction" a "sale". (Because "sale" confers rights that you are not getting!)

> But that's a problem with the device, not the kernel.
> People are looking for persecution where none exists.

The problem with absolute statements is that they are trivially disproven.

It is _illegal_ for me to break the lock on systems I supposedly own. Doing so anyway could get me quite literally persecuted. Discussing how to break those locks is also illegal, and yes, folks can and have been persecuted for that. Meanwhile, it is nearly impossible to purchase several classes of devices that are not locked down. They are not locked down for the benefit of the end-user, nor are they always locked down for the benefit of the manufacturer or seller; instead the lock-down is usually for third parties (eg Hollywood) that are not part of the transaction.

Garrett: Linux kernel lockdown, integrity, and confidentiality

Posted May 4, 2020 12:55 UTC (Mon) by tao (subscriber, #17563) [Link]

It being illegal to break the lock on systems you supposedly own is a *legal* problem though, not a technical problem.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds