From: Sascha Cunz
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 19:34:03 +0200
Message-ID: <1694115.BlGnUZZYGL@mephista>
User-Agent: KMail/4.8.3 (Linux/3.4.2-gentoo-r1; KDE/4.8.3; x86_64; ; )
In-Reply-To: <20120616195104.192e5abd@pomiocik.lan>
References: <20120615042810.GA9480@kroah.com> <4FDAEA24.3010303@binarywings.net> <20120616195104.192e5abd@pomiocik.lan>

[...]

> It doesn't. It's just a very long wooden fence; you just didn't find
> the hole yet.

Given that the keys in the BIOS must somehow get there, and that it must also be able to update them (how else to revoke or add keys?): unless this is completely done in hardware, there must be software doing it.
Software can - by design - be reverse engineered; in some countries even legally, without any further agreement or license. So you can sign, encrypt, obfuscate or use some other foobar-mechanism on this blob of software - at some point it must be readable by the processor, so you have to provide the mechanisms to verify signatures, undo encryption etc. somewhere (either in hardware or in another piece of software). Even if you somehow manage to embed all of this in the hardware stack, it would still require some kind of interface to get updated / revoked keys to operate on.

It's not a matter of *if this can* be broken by someone who cares, it's a matter of *how long does it take* for someone who cares to break it. In the end, this is just another kind of "seems to be secure for a day or two". Admittedly a complex one - but there will always be a "kid in a garage" who is able to put everyone else out of business.

SaCu
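The update-and-revocation interface the mail talks about is, on a UEFI machine, the signature database variables db (allowed) and dbx (forbidden): each is a concatenation of EFI_SIGNATURE_LIST structures from the UEFI specification, and adding or revoking a key or image hash means appending one more list. The following is an added example, not code from the poster or from Gentoo: it serializes and parses that format with the real header layout and GUIDs from the specification, then takes the firmware's hash-only decision (dbx wins over db). The owner GUID and the image "hashes" are constructed stand-ins; in real firmware the SHA-256 entries are Authenticode hashes of the PE image, not plain file hashes, and a dbx update blob must itself be signed by a key held in KEK (EFI_VARIABLE_AUTHENTICATION_2), which is exactly the verification code the mail argues must exist somewhere. That signature check is not implemented here.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification (db/dbx entry types).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header: SignatureType GUID (16 bytes, mixed-endian as
# uuid.bytes_le produces it), SignatureListSize, SignatureHeaderSize,
# SignatureSize; all integers little-endian UINT32.
_SIGLIST_HDR = struct.Struct("<16sIII")


def build_signature_list(sig_type, owner, entries, header=b""):
    """Serialize one EFI_SIGNATURE_LIST.

    Each entry becomes an EFI_SIGNATURE_DATA: SignatureOwner GUID followed by
    the payload. All entries of one list share a size, recorded in SignatureSize.
    """
    if not entries:
        raise ValueError("a signature list needs at least one entry")
    sizes = {len(e) for e in entries}
    if len(sizes) != 1:
        raise ValueError("entries in one list must be the same size")
    sig_size = 16 + sizes.pop()
    body = b"".join(owner.bytes_le + e for e in entries)
    total = _SIGLIST_HDR.size + len(header) + len(body)
    hdr = _SIGLIST_HDR.pack(sig_type.bytes_le, total, len(header), sig_size)
    return hdr + header + body


def parse_signature_lists(blob):
    """Yield (signature_type, owner, payload) for every entry in a db/dbx blob.

    The blob is a concatenation of EFI_SIGNATURE_LISTs. Inconsistent sizes
    raise ValueError rather than being skipped: a parser that silently
    tolerates malformed lists is how revocations get dropped on the floor.
    """
    off = 0
    while off < len(blob):
        if len(blob) - off < _SIGLIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = _SIGLIST_HDR.unpack_from(blob, off)
        if list_size < _SIGLIST_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size <= 16:
            raise ValueError("bad SignatureSize")
        body_start = off + _SIGLIST_HDR.size + hdr_size
        body_len = list_size - _SIGLIST_HDR.size - hdr_size
        if body_len % sig_size:
            raise ValueError("list body is not a multiple of SignatureSize")
        sig_type = uuid.UUID(bytes_le=raw_type)
        for i in range(body_len // sig_size):
            entry = blob[body_start + i * sig_size: body_start + (i + 1) * sig_size]
            yield sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]
        off += list_size


def is_well_formed(blob):
    try:
        list(parse_signature_lists(blob))
        return True
    except ValueError:
        return False


def count_entries(blob):
    return sum(1 for _ in parse_signature_lists(blob))


def sha256_entries(blob):
    return {p for t, _, p in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}


def hash_decision(image_hash, db_blob, dbx_blob):
    """Firmware-style decision for a hash-listed image: dbx is checked first."""
    if image_hash in sha256_entries(dbx_blob):
        return "revoked"
    if image_hash in sha256_entries(db_blob):
        return "allowed"
    return "unknown"


def append_revocation(dbx_blob, owner, image_hash):
    """What a dbx update does once its signature has been verified: append a list."""
    return dbx_blob + build_signature_list(EFI_CERT_SHA256_GUID, owner, [image_hash])


# Constructed sample data (not real keys or Authenticode hashes).
OWNER = uuid.UUID("12345678-1234-5678-1234-56789abcdef0")
GOOD = hashlib.sha256(b"constructed: bootloader build 1").digest()
BAD = hashlib.sha256(b"constructed: bootloader build 2").digest()
UNKNOWN = hashlib.sha256(b"constructed: unsigned image").digest()
DB = (build_signature_list(EFI_CERT_X509_GUID, OWNER, [b"constructed, not a DER cert"])
      + build_signature_list(EFI_CERT_SHA256_GUID, OWNER, [GOOD, BAD]))
DBX = build_signature_list(EFI_CERT_SHA256_GUID, OWNER, [BAD])

if __name__ == "__main__":
    for name, h in (("GOOD", GOOD), ("BAD", BAD), ("UNKNOWN", UNKNOWN)):
        print(name, hash_decision(h, DB, DBX))
    print("GOOD after revocation:", hash_decision(GOOD, DB, append_revocation(DBX, OWNER, GOOD)))
```

Run it directly to see the three decisions and the effect of appending a revocation. On a real system the same walk can be applied to the contents of /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f after stripping the 4-byte attribute prefix that the efivars filesystem prepends.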