Shared publicly  - 
Nice proposed solution to the issues involved, I like it.
Florian Echtler's profile photoGuillaume Pasquet's profile photoMathias Krause's profile photoMichael Richardson's profile photo
Additional layers of indirection FTW!
Uh I didn't notice that was from Vojtech — I start to feel old, I think it was to him that I first reported a bug/missing feature in the kernel ... don't remember how many years ago!
How many motherboards will ignore the spec and simply not provide a way to change the keys without flashing a new firmware image and how will keys be revoked once they've leaked?
Greg, do you know if any HW vendors have already committed to carrying the SUSE signing key (or Ubuntu/Fedora/WhateverDistro key, for that matter) on their hardware besides the Microsoft signing key?
why do we need such a convoluted boot process? And how comes that manufacturers and software vendors tolerate this scheme from microsoft? It's no better than tattooed bioses!
Me likes it, too. Simplifies things for the end-user, which is a good thing. :)
""An important aspect to remember is that all of this happens during boot time, only verified code is executing now. Therefore, only a user present at the console can say, “I want to use my own set of keys.” It can’t be malware or a hacker with remote access to the OS because hackers or malware can only change the file, but not the hash stored in the “Boot Services Only” variable.""

okay... but... IP KVM? ILO? IBM Service Processor?
+Guillaume Pasquet why don't we just sign grub2? (why does grub2 need to have a stack of modules to get corrupt? Why can't I have a statically linked grub2?  I almost never need to upgrade grub2...)
Add a comment...