From: Florian Philipp
Date: Sun, 17 Jun 2012 19:40:34 +0200
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo

On 17.06.2012 19:10, Michał Górny wrote:
> On Sun, 17 Jun 2012 12:56:34 -0400
> Matthew Finkel wrote:
>
>> On Sun, Jun 17, 2012 at 11:51 AM, Michał Górny
>> wrote:
>>> 1. How does it increase security?
>>>
>> This removed a few vectors of attack and ensures your computer is only
>> bootstrapped by and booted using software you think is safe. By using
>> any software we don't write, we make a lot of assumptions.
>
> I agree that it removes a few vectors of attack. But this doesn't
> necessarily mean the system is more secure. It has one vulnerability
> less but let's not get overenthusiastic.
>
> I'm basically trying to point out that a single solution like that can
> do more evil than good if people will believe it's perfect.
>

I think I now understand your train of thought. But I don't think anyone
implied that Secure Boot solves each and every security issue. What it
does, however, is impose new hurdles for malware authors. Therefore I
don't see a reason not to use it as long as the inconveniences and
limitations it imposes are acceptable for my particular use case.

>>> 3. What happens if the machine signing the blobs is compromised?
>>>
>> See above. But also, a compromised system wouldn't necessarily mean
>> the blobs would be compromised as well. In addition, ideally the
>> priv-key would be kept isolated to ensure a compromise would be
>> extremely difficult.
>
> In my opinion, if a toolchain is quietly compromised, everything built
> on the particular machine can be compromised. And signed. I doubt that
> someone will check bit-exact machine code of the toolchain
> and operating system before starting to sign packages.
>

Just because you cannot rule out bugs doesn't mean you shouldn't use
security-enhancing systems. Don't tell me you open telnet for root
access to your machines just because you cannot rule out the chance that
SSH is compromised or someone compromised the SSH source code you
downloaded from the Gentoo mirrors.

Regards,
Florian Philipp