From: Michał Górny
Date: Sun, 17 Jun 2012 19:06:16 +0200
To: gentoo-dev@lists.gentoo.org
Cc: gregkh@gentoo.org, lists@binarywings.net
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo
Message-ID: <20120617190616.186bd49a@pomiocik.lan>
In-Reply-To: <20120617165535.GA31617@kroah.com>
Organization: Gentoo

On Sun, 17 Jun 2012 09:55:35 -0700
Greg KH wrote:

> On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
> > 2. What happens if, say, your bootloader is compromised?
>
> And how would this happen? Your bootloader would not run.

Yes. I'm asking what happens next. Is there an easy way to replace it?
Or is your computer bricked until you run some other bootloader to
replace the compromised one?

> > 3. What happens if the machine signing the blobs is compromised?
>
> So, who's watching the watchers, right? Come on, this is getting
> looney.

I'm just pointing out that this simply relies on trusting people. Much
like not having those signatures.

-- 
Best regards,
Michał Górny