Announcement

Collapse
No announcement yet.

The State Of Linux Distributions Handling SecureBoot

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #76
    Originally posted by Sonadow View Post
    You're damn right Linux is not their problem.

    That's why they are under no obligation to make sure Secure Boot plays nice with Linux. They're just looking out for Windows. Which is PRECISELY what they are doing with Secure Boot.

    Just like you don't care about Microsoft and Windows, Microsoft does not need to care about Linux users having issues with Secure Boot. Except that they ARE by offering signing services. Garett managed to get his shim signed by Microsoft, and that shim is now freely distributed to everybody and it forms the basis for the bootloaders used by Ubuntu, Fedora and SuSe (no word on OpenSUSE yet).

    But then again, most idiots in the Linux world can't even see beyond the year 2002. Thank god I jumped from Fedora 17 to Windows 8 as soon as it came out. Pure hardware bliss without the stinking political 'free shit' baggage.
    And THAT is exactly the problem. How many linux distro's are -not- listed. How many exactly? All I see are the ones that could pay them off.

    You can use whatever OS you prefer to use. What ever floats your boat. Anything that tickles your tonsil. As long as I'm allowed the same freedom please.
    Last edited by duby229; 12-28-2012, 09:31 PM.

    Comment


    • #77
      Originally posted by Sonadow View Post
      Anything that modifies the bootloader or the boot process will cause a change in the pre-boot signature.
      And as I said, I'll bet it gets hacked. In 2 years from now there will be more boot loader viruses than ever before -because- of secureboot. Simply because it provided a target. Fresh meat and all that jazz. The overubundance of opportunity will prevail. I'm sure of it.

      Hell If I ever get to the spot that I can't get my favorite OS to boot because of secureboot, I'm sure I'll be involved with the crowd that is hacking it.

      EDIT: I can't even begin to imagine all of the un-hackable protection schemes that have been hacked. My favorite has got to be AACS though. It took some time, but guess what happened...... Now I can --FINALLY-- play my bluray movies on my media center. It's just one example of many where the dumb ass shit that corporate america does gets pushed into there dumb ass faces. I'm sure MS is going to be eating their own shit when this gets shoved so far up their ass that they can taste it.
      Last edited by duby229; 12-28-2012, 09:48 PM.

      Comment


      • #78
        Originally posted by duby229 View Post
        And as I said, I'll bet it gets hacked. In 2 years from now there will be more boot loader viruses than ever before -because- of secureboot. Simply because it provided a target. Fresh meat and all that jazz. The overubundance of opportunity will prevail. I'm sure of it.

        Hell If I ever get to the spot that I can't get my favorite OS to boot because of secureboot, I'm sure I'll be involved with the crowd that is hacking it.

        EDIT: I can't even begin to imagine all of the un-hackable protection schemes that have been hacked. My favorite has got to be AACS though. It took some time, but guess what happened......
        Cryptographic signatures have been important enough to be a target for a long time, and from time to time flaws are founnd in them. They are not, however, common things to have broken and there is no reason to believe that secure boot will make cryptography be broken sooner.

        Comment


        • #79
          It's a basic law of physics. If there are 10 computers with secureboot running on it, then the opportunities for finding flaws are limited. If there are 85,000,000 computers running it, then the abundance of opportunity will prevail. At least some of those computers will exhibit qwerks that will be learned from and adapted.

          Comment


          • #80
            Originally posted by duby229 View Post
            I'm sure MS is going to be eating their own shit when this gets shoved so far up their ass that they can taste it.
            Your ignorance is showing.

            SecureBoot is not a Microsoft creation. Never has, never will. It's part of the UEFI standard that was formally agreed upon and pushed out to all mainboards in the last 2 -3 years. Microsoft is only the first company to require Secure Boot for its operating system.

            If you have a problem with that, take it up to the UEFI board, not Microsoft. As far as Microsoft is concerned, they have already fulfilled their obligations by making sure that all x86 machines will have an option to allow the enrolling of custom keys into the Secure Boot signature list (by providing the signing service nobody wants to offer) and stipulating that x86 machines must provide the ability to turn off Secure Boot.

            The options are already there. If Linux users love to proclaim that they will pay for Free software, it's time for them to put their money where their mouth is and donate to their distro of choice so that the maintainers can raise the one-time $99 fee (which goes to VeriSign, NOT Microsoft) to get their bootloader signed and ensure that the distro will play nice with Secure Boot.

            Lastly, Garett is not stopping any distribution from using his shim. So in all respects the solution is already out there and ready to be used, just like how Ubuntu, Red Hat, Fedora and SUSE have already started using Shim. Unfortunately, the desire for 'my own solution because I don't want to use someone else's work which is already freely available because my ego is too big', an over-inflated sense of entitlement, along with the fanboy hate for Microsoft blinds everyone to the immediate solution already made available.

            One last thing: Linux is not about market share? Not in this corporate world. If you want to be taken seriously by OEMs and hardware vendors or even have the clout to overturn asinine decisions like Secure Boot, market share is a must-have. Get that desktop market share from 1.4% up to at least 10% and I can assure you Microsoft will have to think thrice when stipulating hardware conditions for OEMs for subsequent versions of Windows in the future.
            Last edited by Sonadow; 12-28-2012, 10:54 PM.

            Comment


            • #81
              Originally posted by dashcloud View Post
              Microsoft's latest OSes are pretty damn good- look here:
              http://thenextweb.com/microsoft/2012...bilities-list/

              In the top 10 vulnerabilities, there is not a single MS product to be found- it's dominated by Java & Flash (which are cross-platform).

              (If you'd like to see the source article, it's here (at the bottom): http://www.securelist.com/en/analysi...lution_Q3_2012

              The Microsoft of today is not the Microsoft that put out Windows XP, and sometimes, the attackers are just so far ahead of you, there's nothing you can do (see Flame & Duqu).
              I know they're trying. I know M$ is making inroads into security. Linux have their own repos which is a boon to thwart a rouge application and Windows8 is trying hard for it's version (well more like an Apple walled garden). To be honest I feel
              is necessary instead of ooops I installed what? Java and Flash are both dangerous no doubt.

              With that said I don't trust them anymore. To each their own however.
              Last edited by nightmarex; 12-29-2012, 01:46 AM.

              Comment


              • #82
                but MBR Boot viruses aren't 'new'

                I remember the Stoned MBR boot virus, but it was easy to fix, as is many of them *if* you have a bootable CD/DVD, you can just clobber the MBR accordingly (tough, if the virus installed DLLs/DSOs, kernel modules whatever then you need to do a audit of system which isn't too difficult with deb or RPM based packages (checksums), worse if those got compromised somehow, while on a recovery DVD, you could just clobber the essential DSOs (libraries), kernel modules etc (with compatible older package versions)

                So my question is, since we've had bootsector viruses for YEARS, even old BIOS uses to have MBR bootsector virus detection (limited).

                Why the fuss for SecureBoot all of a sudden? It's not like any of this is new, be it MBR or kernel level rootkits.

                Comment


                • #83
                  Originally posted by spstarr View Post
                  I remember the Stoned MBR boot virus, but it was easy to fix, as is many of them *if* you have a bootable CD/DVD, you can just clobber the MBR accordingly (tough, if the virus installed DLLs/DSOs, kernel modules whatever then you need to do a audit of system which isn't too difficult with deb or RPM based packages (checksums), worse if those got compromised somehow, while on a recovery DVD, you could just clobber the essential DSOs (libraries), kernel modules etc (with compatible older package versions)

                  So my question is, since we've had bootsector viruses for YEARS, even old BIOS uses to have MBR bootsector virus detection (limited).

                  Why the fuss for SecureBoot all of a sudden? It's not like any of this is new, be it MBR or kernel level rootkits.
                  I think that the original intention is in good faith. I think that this is a first small step into a future where everything, from start to shutdown, is verified by digital signatures.

                  This is to prevent rootkits and other malicious programs from being ran.

                  I just don't think this a good approach against this virus problem. You are more effective by focusing on application security before it even reaches the user. Let applications run in different containers, make sure there is no cross contagion between different pieces of software. Let the end-user decide whether this is allowed or not. People need to more self conscious about this. You can throw a lot of technlogy at a certain problem, but in the end it's the user who makes the (fatal) mistakes.

                  Comment


                  • #84
                    Originally posted by mjg59 View Post
                    Again, please describe a solution that Microsoft could have used to prevent bootloader malware without also preventing booting of unsigned Linux. They worried about their OS. They came up with a solution that works for their OS. If you don't like their solution, describe a better one.
                    Microsoft fixed their problem by restricting others freedom.

                    It is like I (microsoft) am the richest and nasties guy in town and because of that kids don't like me and throw rocks on my windows. So what I do? I make the mayor (OEMs), which I hold by the balls, put barriers and guards on the public road so nobody can walk around without my permission.

                    Comment


                    • #85
                      Originally posted by zoomblab View Post
                      MicroSuck fixed their problem by restricting others freedom.

                      It is like I (MicroSuck) am the richest and nasties guy in town and because of that kids don't like me and throw rocks on my windows. So what I do? I make the mayor (OEMs), which I hold by the balls, put barriers and guards on the public road so nobody can walk around without my permission.
                      Then please explain Microsoft distributing signed bootloader binaries.

                      To put it in analogy with your story: You can throw rocks at my window as long as I inspected and signed them...

                      Comment


                      • #86
                        Originally posted by Rexilion View Post
                        Then please explain Microsoft distributing signed bootloader binaries.

                        To put it in analogy with your story: You can throw rocks at my window as long as I inspected and signed them...
                        That is sooooo much crap. What if you need to boot a small linux distro thats sole purpose is to circomvent windows user passwords? I do it on a regular basis as a repair tech. Is secureboot going to allow that perfectly valid usage? I doubt it.

                        Comment


                        • #87
                          Originally posted by duby229 View Post
                          That is sooooo much crap. What if you need to boot a small linux distro thats sole purpose is to circomvent windows user passwords? I do it on a regular basis as a repair tech. Is secureboot going to allow that perfectly valid usage? I doubt it.
                          It already does.

                          Comment


                          • #88
                            Wow

                            I read half this thread, and now feel dumber for doing so.

                            It's incredible how completely stupid some people are, how they are so sure of themselves when they are talking complete crap that is factually wrong.

                            Comment


                            • #89
                              Originally posted by smitty3268 View Post
                              I read half this thread, and now feel dumber for doing so.

                              It's incredible how completely stupid some people are, how they are so sure of themselves when they are talking complete crap that is factually wrong.
                              Care to elaborate your insult? This is a forum, people state opinions. Those cannot be wrong. What facts are incorrect?

                              Comment


                              • #90
                                Originally posted by Rexilion View Post
                                Care to elaborate your insult? This is a forum, people state opinions. Those cannot be wrong. What facts are incorrect?
                                I really don't think that would be worthwhile. It wouldn't be anything that hasn't already been said 100 times.

                                Comment

                                Working...
                                X