Announcement

Collapse
No announcement yet.

The State Of Linux Distributions Handling SecureBoot

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Explain to me how preventing linux from booting does anything, anything at all to help MS security situation?

    They didnt fix shit. All they did was fuck us. And they did it knowing what they were doing.

    Comment


    • #12
      I am not buying any shitty motherboard with secureboot. In fact, this thing is just crying for lawsuit!

      Comment


      • #13
        Originally posted by duby229 View Post
        Explain to me how preventing linux from booting does anything, anything at all to help MS security situation?
        If your bootloader is compromised, you can no longer trust your running kernel. And if you can't trust your running kernel, you have no way of determining whether your machine has been compromised. That means that any security breach that would normally have been detected and fixed when you updated your system can instead remain there until you either boot off recovery media or replace your hard drive.

        Security is about layers. It's obviously better to prevent a system compromise in the first place, but software has bugs and it's inevitable that some of those will end up being security bugs. Linux isn't a special case here - check any distribution's security updates and you'll see that there's no shortage of remotely-exploitable bugs that permit arbitrary code execution. The sensible thing to assume is that at some point a bad guy will find one you don't know about and exploit it before you've fixed it. That means you need to reduce the damage that that compromise can do. selinux and apparmor are mostly protective technologies, not preventative technologies - both exist to reduce the damage that arbitrary code can do. Secure Boot is another example of a protective technology. It doesn't prevent an initial compromise, but it reduce the damage that that initial compromise can do.

        But for that to be useful, you need to know that the code you're executing is trusted. There's two ways of handling that - you either have the user explicitly tell you what's trusted (including letting the user tell you to trust everything), or you trust a third party to tell you what's trustworthy. Microsoft's implementation on x86 permits both. You can disable Secure Boot or install your own keys, or you can just assume that everything signed by Microsoft is valid.

        They didnt fix shit. All they did was fuck us. And they did it knowing what they were doing.
        Yeah, we're so fucked that there's already mainstream Linux distributions that boot out of the box on Secure Boot systems.

        Comment


        • #14
          Originally posted by crazycheese View Post
          I am not buying any shitty motherboard with secureboot. In fact, this thing is just crying for lawsuit!
          Under which law?

          Comment


          • #15
            Next step?

            Microsoft has been going around spreading FUD about they owning Linux "intellectual property" (lol) and patents.

            Maybe the next step is, they only sign those who pay to license their patents. Some kind of extortion.

            Comment


            • #16
              Originally posted by mjg59 View Post
              Under which law?
              Antitrust law.

              Comment


              • #17
                Originally posted by crazycheese View Post
                Antitrust law.
                Unlike the forced bundling of IE and Windows, Microsoft aren't actually forcing anyone to do anything here.

                Comment


                • #18
                  According to another thread in this forum, there already are some boards with UEFI firmware that don't allow turning off secure boot. That would be lawsuit-worthy, it looks like.

                  Comment


                  • #19
                    Originally posted by GreatEmerald View Post
                    According to another thread in this forum, there already are some boards with UEFI firmware that don't allow turning off secure boot. That would be lawsuit-worthy, it looks like.
                    If they've got Windows 8 stickers then please let me know the manufacturer and model. If they don't, then you're probably limited to arguing with the manufacturer over whether or not they were correctly advertised - Microsoft didn't force them to do that, so it's unclear how you'd be able to sue them.

                    Comment


                    • #20
                      MS essentially said... "Lets make up some imaginary boot loader virus so we can fuck linux!"

                      Windows 8 is still gonna get just as comprimised as every other windows has ever been. And booting linux doesnt have a single damn thing to do with that.

                      Comment

                      Working...
                      X