GNOME To Warn Users If Secure Boot Disabled, Preparing Other Firmware Security Help
-
Originally posted by sinepgib
I share the sentiment, but how would you implement the loading of new keys? A reduced flash storage associated to the ROM? Otherwise, NVRAM is all you can write to, it will obviously get erased when removing the CMOS battery.
-
Originally posted by mb_q
Fundamentally, to establish trust, you need some way to permanently seal the state, so yes, dedicated hardware for that is essential. With only volatile storage, it is impossible to fulfill SB promises, thus such an implementation is, well, fake. IMHO the best solution is, again, coreboot, which would allow one to install verified, open source firmware tailored towards the security needs of a user.
-
Originally posted by CommunityMember
Are you saying your PR has not been reviewed, or that you are issuing an unfunded request?
They have done quite a lot of stuff in the last two decades too (including the huge GNOME 3 redesign that most people aren't/weren't happy with) so it's not like they don't have the resources to do something about it. The fact that the devs have been focusing on comparatively quite irrelevant features while the most popular DE lacks a basic desktop feature even found on win98 is quite frankly just a sign of misdirection, it's like getting your house painted because you don't like the old color when your front door is missing and then getting mad at people for pointing out the stupidity. Your sentiment and GNOME devs being their repulsive selves when it comes to this issue makes me think Jobs was right about vision. I don't need to have a PR or donate to point this out and why would I want to contribute to a project whose members are repulsive people who are openly hostile to users offering criticism when there are alternatives?
Last edited by osw89; 29 July 2022, 02:38 PM.
-
Originally posted by ClosedSource
There is a lot of over-obsession with security. It's like how you get murdered on Windows 11 news websites if you still use XP or Win7.
Originally posted by leo_sk
Still waiting to see someone influential raise a demand for a consortium consisting of major OS and hardware vendors that grants keys instead of leaving all control to Microsoft
-
Originally posted by CommunityMember
I take it you are unaware that you can choose to enroll your own signing key and use it for the modules you build? Or just disable the warning should you choose that. You have many other choices too.
I linked that exact specific part from readme which explains signing process.
Most users never did this and most users will never do that as well.
So that "enable SecureBoot" advice will basically serve as a pain point; because it will confuse some users and enabling it will only boost "heh, Linux broke itself" praise because due to their own distro's guidance they will enable it and boom!
Did you ever see an instance where Windows offers something to their users that it is guaranteed to lead to such breakage, even if it has various workarounds?
Introducing/advising something like this without an easy peasy GUI oriented or automated way to make it work on every setup is a very dumb move.
In this case their setup was working fine two days ago; two days later their distro decided to lead people into messing with breakage. What a brilliant idea!
Last edited by Leopard; 29 July 2022, 03:05 PM.
-
Originally posted by ClosedSource
I would say Linux is indeed significantly less secure than at least Microsoft Windows.
Oh wait, no - they are all Windows boxes. How odd.
-
Originally posted by andyprough
Yes, that's why all those millions of compromised desktop boxes in the massive botnet swarms are always Linux systems.
Oh wait, no - they are all Windows boxes. How odd.
Who else gets calls from Microsoft India all the time? Herro this is miklosoft calling you hafe a ploblem with you computa
Last edited by erniv2; 29 July 2022, 04:06 PM.
-
Originally posted by mb_q
Secure Boot is cool but its implementations are nonsense. I've tried enrolling user keys and signing the kernel on a few machines, and the story was the same --- verification was working ok, but a fw reset (removing CMOS battery, proper switch on the motherboard) was enough to jump back to the default SB state with my keys deleted.
So it is either this or using a machine with MS keys baked in, with an MS-approved bootloader blob, not a substantially tempting option.
I suspect the same story applies to all other switches this tool checks; without coreboot one has to trust the firmware, and these are traditionally totally unreliable, most vendors are more concerned with bloating them with kitsch fan animations than moving their quality anywhere higher than "somewhat seems to work for us".
-
Originally posted by Leopard
I take it as you don't know how to read.
I linked that exact specific part from readme which explains signing process.
Most users never did this and most users will never do that as well.