Announcement

Collapse
No announcement yet.

The State Of Linux Distributions Handling SecureBoot

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • uid313
    replied
    Next step?

    Microsoft has been going around spreading FUD about they owning Linux "intellectual property" (lol) and patents.

    Maybe the next step is, they only sign those who pay to license their patents. Some kind of extortion.

    Leave a comment:


  • mjg59
    replied
    Originally posted by crazycheese View Post
    I am not buying any shitty motherboard with secureboot. In fact, this thing is just crying for lawsuit!
    Under which law?

    Leave a comment:


  • mjg59
    replied
    Originally posted by duby229 View Post
    Explain to me how preventing linux from booting does anything, anything at all to help MS security situation?
    If your bootloader is compromised, you can no longer trust your running kernel. And if you can't trust your running kernel, you have no way of determining whether your machine has been compromised. That means that any security breach that would normally have been detected and fixed when you updated your system can instead remain there until you either boot off recovery media or replace your hard drive.

    Security is about layers. It's obviously better to prevent a system compromise in the first place, but software has bugs and it's inevitable that some of those will end up being security bugs. Linux isn't a special case here - check any distribution's security updates and you'll see that there's no shortage of remotely-exploitable bugs that permit arbitrary code execution. The sensible thing to assume is that at some point a bad guy will find one you don't know about and exploit it before you've fixed it. That means you need to reduce the damage that that compromise can do. selinux and apparmor are mostly protective technologies, not preventative technologies - both exist to reduce the damage that arbitrary code can do. Secure Boot is another example of a protective technology. It doesn't prevent an initial compromise, but it reduce the damage that that initial compromise can do.

    But for that to be useful, you need to know that the code you're executing is trusted. There's two ways of handling that - you either have the user explicitly tell you what's trusted (including letting the user tell you to trust everything), or you trust a third party to tell you what's trustworthy. Microsoft's implementation on x86 permits both. You can disable Secure Boot or install your own keys, or you can just assume that everything signed by Microsoft is valid.

    They didnt fix shit. All they did was fuck us. And they did it knowing what they were doing.
    Yeah, we're so fucked that there's already mainstream Linux distributions that boot out of the box on Secure Boot systems.

    Leave a comment:


  • crazycheese
    replied
    I am not buying any shitty motherboard with secureboot. In fact, this thing is just crying for lawsuit!

    Leave a comment:


  • duby229
    replied
    Explain to me how preventing linux from booting does anything, anything at all to help MS security situation?

    They didnt fix shit. All they did was fuck us. And they did it knowing what they were doing.

    Leave a comment:


  • mjg59
    replied
    Originally posted by duby229 View Post
    MS's problem not ours.
    And a problem they've solved in the only way that it's possible to solve it.

    Leave a comment:


  • duby229
    replied
    MS's problem not ours.

    Leave a comment:


  • mjg59
    replied
    Originally posted by duby229 View Post
    So then stop fuckin with our shit then.
    What's the difference between an unsigned Linux kernel and an unsigned trojaned Windows bootloader?

    Leave a comment:


  • duby229
    replied
    So then stop fuckin with our shit then.

    Leave a comment:


  • mjg59
    replied
    Originally posted by duby229 View Post
    MS needs to worry about IE's vulnerabilities before they need to worry about the linux kernels vulnerabilities. This secureboot shit is assinine. I'll never use win8 just because of this crap.
    They're not worried about the Linux kernel's vulnerabilities.

    Leave a comment:

Working...
X