From: Michael Mol <mikemol@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
Date: Sat, 2 Jun 2012 16:10:47 -0400 [thread overview]
Message-ID: <CA+czFiD2aHPJu2d3P3zuZWKs2mZSxuR0Pfk3w2xZX=k=Uw1o9A@mail.gmail.com> (raw)
In-Reply-To: <4FCA6EDB.4070908@coolmail.se>
On Sat, Jun 2, 2012 at 3:51 PM, pk <peterk2@coolmail.se> wrote:
> On 2012-06-02 15:12, Florian Philipp wrote:
>
>> According to [1] it is SHA-256 and RSA-2048. If I understand it
>> correctly, there are means to blacklist compromised keys. That's
>> why
>
> Just curious, how is a "compromised" key supposed to be blacklisted?
> Does the bios contact Microsoft, or is it through some other mean (via
> OS which means it needs to have some sort of service to check for this
> blacklist)? Smells like trouble to me... :-/
I expect the chief mechanism is at the manufacturer's end; blacklisted
keys get included on shipment.
It's also probable that the OS kernel can tell the UEFI BIOS about new
keys to blacklist. I expect that'll be a recurring thing in the
Monthly batch of security updates Microsoft puts out. (Makes sense,
really; if malware is using a key, blacklist that key.)
Someone linked to some absolutely terrible stuff being built into
Intel's Ivy Bridge...it's plausible it will be possible to deploy
blacklist key updates over the network within a couple years.
--
:wq
next prev parent reply other threads:[~2012-06-02 20:12 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-02 2:26 [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers William Kenworthy
2012-06-02 7:43 ` Florian Philipp
2012-06-02 8:13 ` pk
2012-06-02 13:00 ` Michael Mol
2012-06-02 13:12 ` Florian Philipp
2012-06-02 19:51 ` pk
2012-06-02 20:10 ` Michael Mol [this message]
2012-06-02 22:50 ` pk
2012-06-02 23:36 ` Michael Mol
2012-06-03 0:35 ` Florian Philipp
2012-06-03 1:39 ` Michael Mol
2012-06-03 2:04 ` BRM
2012-06-03 2:16 ` Michael Mol
2012-06-04 13:33 ` BRM
2012-06-04 14:34 ` Michael Mol
2012-06-04 21:13 ` BRM
2012-06-04 22:44 ` Michael Mol
2012-06-04 22:51 ` William Kenworthy
2012-06-05 6:15 ` Walter Dnes
2012-06-03 6:57 ` Walter Dnes
2012-06-03 11:07 ` Florian Philipp
2012-06-04 12:48 ` Mick
2012-06-04 12:57 ` Michael Mol
2012-06-05 12:52 ` Mick
2012-06-05 14:21 ` Michael Mol
2012-06-06 1:14 ` Bill Kenworthy
2012-06-06 19:40 ` Mick
2012-06-06 19:50 ` Michael Mol
2012-06-09 13:28 ` Mick
2012-06-06 23:50 ` William Kenworthy
2012-06-07 14:28 ` Stroller
2012-06-04 17:42 ` pk
2012-06-04 23:30 ` [gentoo-user] " Nikos Chantziaras
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+czFiD2aHPJu2d3P3zuZWKs2mZSxuR0Pfk3w2xZX=k=Uw1o9A@mail.gmail.com' \
--to=mikemol@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox