From: Michał Górny
To: gentoo-dev@lists.gentoo.org
Cc: matthew.finkel@gmail.com
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 19:10:13 +0200
Message-ID: <20120617191013.38dda99e@pomiocik.lan>

On Sun, 17 Jun 2012 12:56:34 -0400 Matthew Finkel wrote:

> On Sun, Jun 17, 2012 at 11:51 AM, Michał Górny wrote:
> > 1. How does it increase security?
>
> This removed a few vectors of attack and ensures your computer is only
> bootstrapped by and booted using software you think is safe. By using
> any software we don't write, we make a lot of assumptions.

I agree that it removes a few vectors of attack. But this doesn't
necessarily mean the system is more secure. It has one vulnerability
less, but let's not get overenthusiastic.

I'm basically trying to point out that a single solution like that can
do more evil than good if people believe it's perfect.

> > 3. What happens if the machine signing the blobs is compromised?
>
> See above. But also, a compromised system wouldn't necessarily mean
> the blobs would be compromised as well. In addition, ideally the
> priv-key would be kept isolated to ensure a compromise would be
> extremely difficult.

In my opinion, if a toolchain is quietly compromised, everything built
on the particular machine can be compromised. And signed. I doubt that
someone will check bit-exact machine code of the toolchain and operating
system before starting to sign packages.

-- 
Best regards,
Michał Górny