Old 06-16-2012, 11:37 PM
Steev Klimaszewski
 
UEFI secure boot and Gentoo

Just picking a random response to reply to. I'm not speaking
officially, however, I'm pretty sure we at Genesi aren't going to pay
Microsoft in order to boot our own boards.
 
Old 06-16-2012, 11:52 PM
Matthew Summers
 
UEFI secure boot and Gentoo

On Thu, Jun 14, 2012 at 11:28 PM, Greg KH <gregkh@gentoo.org> wrote:
>
> So, anyone been thinking about this? I have, and it's not pretty.
>
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
>
> Minor details like, "do we have a 'company' that can pay Microsoft to
> sign our bootloader?" is one aspect from the non-technical side that I've
> been wondering about.
>
> thanks,
>
> greg k-h
>

Pardon my ignorance, but will we be required to sign the boot
loader/kernel on our install media for a Win8 machine to boot the iso?

--
Matthew W. Summers
Gentoo Foundation Inc.
 
 
Old 06-17-2012, 09:20 AM
Florian Philipp
 
UEFI secure boot and Gentoo

On 16.06.2012 19:51, Michał Górny wrote:
> On Fri, 15 Jun 2012 09:54:12 +0200
> Florian Philipp <lists@binarywings.net> wrote:
>
>> On 15.06.2012 06:50, Duncan wrote:
>>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
>>>
>>>> So, anyone been thinking about this? I have, and it's not pretty.
>>>>
>>>> Should I worry about this and how it affects Gentoo, or not worry
>>>> about Gentoo right now and just focus on the other issues?
>>>>
>>>> Minor details like, "do we have a 'company' that can pay Microsoft
>>>> to sign our bootloader?" is one aspect from the non-technical side
>>>> that I've been wondering about.
>>>
>>> I've been following developments and wondering a bit about this
>>> myself.
>>>
>>> I had concluded that at least for x86/amd64, where MS is mandating
>>> a user controlled disable-signed-checking option, gentoo shouldn't
>>> have a problem. Other than updating the handbook to accommodate
>>> UEFI, presumably along with the grub2 stabilization, I believe
>>> we're fine as if a user can't figure out how to disable that option
>>> on their (x86/amd64) platform, they're hardly likely to be a good
>>> match for gentoo in any case.
>>>
>>
>> As a user, I'd still like to have the chance of using Secure Boot with
>> Gentoo since it _really_ increases security. Even if it means I can no
>> longer build my own kernel.
>
> It doesn't. It's just a very long wooden fence; you just didn't find
> the hole yet.
>

Oh come on! That's FUD and you know it. If not, did you even look at the
specs and working principle?

Regards,
Florian Philipp
 
 
Old 06-17-2012, 03:51 PM
Michał Górny
 
UEFI secure boot and Gentoo

On Sun, 17 Jun 2012 11:20:38 +0200
Florian Philipp <lists@binarywings.net> wrote:

> On 16.06.2012 19:51, Michał Górny wrote:
> > On Fri, 15 Jun 2012 09:54:12 +0200
> > Florian Philipp <lists@binarywings.net> wrote:
> >
> >> On 15.06.2012 06:50, Duncan wrote:
> >>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
> >>>
> >>>> So, anyone been thinking about this? I have, and it's not
> >>>> pretty.
> >>>>
> >>>> Should I worry about this and how it affects Gentoo, or not worry
> >>>> about Gentoo right now and just focus on the other issues?
> >>>>
> >>>> Minor details like, "do we have a 'company' that can pay
> >>>> Microsoft to sign our bootloader?" is one aspect from the
> >>>> non-technical side that I've been wondering about.
> >>>
> >>> I've been following developments and wondering a bit about this
> >>> myself.
> >>>
> >>> I had concluded that at least for x86/amd64, where MS is mandating
> >>> a user controlled disable-signed-checking option, gentoo shouldn't
> >>> have a problem. Other than updating the handbook to accommodate
> >>> UEFI, presumably along with the grub2 stabilization, I believe
> >>> we're fine as if a user can't figure out how to disable that
> >>> option on their (x86/amd64) platform, they're hardly likely to be
> >>> a good match for gentoo in any case.
> >>>
> >>
> >> As a user, I'd still like to have the chance of using Secure Boot
> >> with Gentoo since it _really_ increases security. Even if it means
> >> I can no longer build my own kernel.
> >
> > It doesn't. It's just a very long wooden fence; you just didn't find
> > the hole yet.
> >
>
> Oh come on! That's FUD and you know it. If not, did you even look at
> the specs and working principle?

Could you answer the following questions:

1. How does it increase security?
2. What happens if, say, your bootloader is compromised?
3. What happens if the machine signing the blobs is compromised?

--
Best regards,
Michał Górny
 
Old 06-17-2012, 04:55 PM
Greg KH
 
UEFI secure boot and Gentoo

On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
> On Sun, 17 Jun 2012 11:20:38 +0200
> Florian Philipp <lists@binarywings.net> wrote:
>
> > On 16.06.2012 19:51, Michał Górny wrote:
> > > On Fri, 15 Jun 2012 09:54:12 +0200
> > > Florian Philipp <lists@binarywings.net> wrote:
> > >
> > >> On 15.06.2012 06:50, Duncan wrote:
> > >>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
> > >>>
> > >>>> So, anyone been thinking about this? I have, and it's not
> > >>>> pretty.
> > >>>>
> > >>>> Should I worry about this and how it affects Gentoo, or not worry
> > >>>> about Gentoo right now and just focus on the other issues?
> > >>>>
> > >>>> Minor details like, "do we have a 'company' that can pay
> > >>>> Microsoft to sign our bootloader?" is one aspect from the
> > >>>> non-technical side that I've been wondering about.
> > >>>
> > >>> I've been following developments and wondering a bit about this
> > >>> myself.
> > >>>
> > >>> I had concluded that at least for x86/amd64, where MS is mandating
> > >>> a user controlled disable-signed-checking option, gentoo shouldn't
> > >>> have a problem. Other than updating the handbook to accommodate
> > >>> UEFI, presumably along with the grub2 stabilization, I believe
> > >>> we're fine as if a user can't figure out how to disable that
> > >>> option on their (x86/amd64) platform, they're hardly likely to be
> > >>> a good match for gentoo in any case.
> > >>>
> > >>
> > >> As a user, I'd still like to have the chance of using Secure Boot
> > >> with Gentoo since it _really_ increases security. Even if it means
> > >> I can no longer build my own kernel.
> > >
> > > It doesn't. It's just a very long wooden fence; you just didn't find
> > > the hole yet.
> > >
> >
> > Oh come on! That's FUD and you know it. If not, did you even look at
> > the specs and working principle?
>
> Could you answer the following questions:
>
> 1. How does it increase security?

Non-signed bootloaders and kernels will not run.

> 2. What happens if, say, your bootloader is compromised?

And how would this happen? Your bootloader would not run.

> 3. What happens if the machine signing the blobs is compromised?

So, who's watching the watchers, right? Come on, this is getting
looney.

greg k-h
 
Old 06-17-2012, 04:56 PM
Matthew Finkel
 
UEFI secure boot and Gentoo

On Sun, Jun 17, 2012 at 11:51 AM, Michał Górny <mgorny@gentoo.org> wrote:
> On Sun, 17 Jun 2012 11:20:38 +0200
> Florian Philipp <lists@binarywings.net> wrote:
>
> > On 16.06.2012 19:51, Michał Górny wrote:
> > > On Fri, 15 Jun 2012 09:54:12 +0200
> > > Florian Philipp <lists@binarywings.net> wrote:
> > >
> > >> On 15.06.2012 06:50, Duncan wrote:
> > >>> Greg KH posted on Thu, 14 Jun 2012 21:28:10 -0700 as excerpted:
> > >>>
> > >>>> So, anyone been thinking about this? I have, and it's not
> > >>>> pretty.
> > >>>>
> > >>>> Should I worry about this and how it affects Gentoo, or not worry
> > >>>> about Gentoo right now and just focus on the other issues?
> > >>>>
> > >>>> Minor details like, "do we have a 'company' that can pay
> > >>>> Microsoft to sign our bootloader?" is one aspect from the
> > >>>> non-technical side that I've been wondering about.
> > >>>
> > >>> I've been following developments and wondering a bit about this
> > >>> myself.
> > >>>
> > >>> I had concluded that at least for x86/amd64, where MS is mandating
> > >>> a user controlled disable-signed-checking option, gentoo shouldn't
> > >>> have a problem. Other than updating the handbook to accommodate
> > >>> UEFI, presumably along with the grub2 stabilization, I believe
> > >>> we're fine as if a user can't figure out how to disable that
> > >>> option on their (x86/amd64) platform, they're hardly likely to be
> > >>> a good match for gentoo in any case.
> > >>>
> > >>
> > >> As a user, I'd still like to have the chance of using Secure Boot
> > >> with Gentoo since it _really_ increases security. Even if it means
> > >> I can no longer build my own kernel.
> > >
> > > It doesn't. It's just a very long wooden fence; you just didn't find
> > > the hole yet.
> > >
> >
> > Oh come on! That's FUD and you know it. If not, did you even look at
> > the specs and working principle?
>
> Could you answer the following questions:

(Sorry to jump in on this Florian)

The real problem that surrounds this idea of security is that we need to make
_a lot_ of assumptions about the code/programs we run. We _trust_ that the code
we compile is as secure as possible and does not implement any "backdoors". If
this is the case, then

> 1. How does it increase security?

This removes a few vectors of attack and ensures your computer is only
bootstrapped by and booted using software you think is safe. By using any
software we don't write, we make a lot of assumptions.

> 2. What happens if, say, your bootloader is compromised?

Same thing that would happen if the bootloader was compromised today. We
currently rely on trusting the maintainer, code review, community review, etc.

Perhaps these efforts will need to be doubled now that any weak link could
compromise the system.

> 3. What happens if the machine signing the blobs is compromised?

See above. But also, a compromised system wouldn't necessarily mean the blobs
would be compromised as well. In addition, ideally the priv-key would be kept
isolated to ensure a compromise would be extremely difficult.

My understanding is that it's not the case that UEFI will lock down a system to
prevent a compromise from occurring, it's the fact that it reduces the areas of
attack and/or makes the attacks extremely difficult to accomplish. This just adds
more protection in hardware for kernel-space that SELinux, apparmor, etc provide
for userspace.

- Matt
 
Old 06-17-2012, 04:58 PM
Greg KH
 
UEFI secure boot and Gentoo

On Sat, Jun 16, 2012 at 06:37:41PM -0500, Steev Klimaszewski wrote:
> Just picking a random response to reply to. I'm not speaking
> officially, however, I'm pretty sure we at Genesi aren't going to pay
> Microsoft in order to boot our own boards.

If you don't want your boards to be Windows 8 certified, then you are
fine. Otherwise, you have to follow their guidelines, which I don't
think requires paying them any money if you want to run Windows 8.

Also, as these are "your own boards", you control the BIOS, so you don't
even have to implement UEFI, or, if you do, you can control what keys
are installed in the BIOS by default.

So I don't understand the issue here, please explain.

greg k-h
 
Old 06-17-2012, 05:03 PM
Greg KH
 
UEFI secure boot and Gentoo

On Sat, Jun 16, 2012 at 12:22:24PM +0300, Maxim Kammerer wrote:
> On Fri, Jun 15, 2012 at 3:01 PM, Rich Freeman <rich0@gentoo.org> wrote:
> > I think that anybody that really cares about security should be
> > running in custom mode anyway, and should just re-sign anything they
> > want to run. Custom mode lets you clear every single key in the
> > system from the vendor on down, and gives you the ability to ensure
> > the system only boots stuff you want it to.
>
> I have several questions, that hopefully someone familiar with UEFI
> Secure Boot is able to answer. If I understand UEFI correctly, the
> user will need to not just re-sign bootloaders, but also the
> OS-neutral drivers (e.g., UEFI GOP), which are hardware-specific, and
> will be probably signed with Microsoft keys, since the hardware vendor
> would otherwise need to implement expensive key security measures — is
> that correct?

Huh? No, why would a user need to resign the UEFI drivers? Those
"live" in the BIOS and are only used to get the machine up and running
in UEFI space, before UEFI hands the control off to the bootloader it
has verified is signed with a correct key.

> If the user does not perform this procedure (due to its
> complexity and/or lack of tools automating the process), is it
> possible for an externally connected device to compromise the system
> by supplying a Microsoft-signed blob directly to the UEFI firmware,
> circumventing the (Linux) OS?

Again, what? Please explain.

> Is it possible to develop an automatic
> re-signing tool — i.e., does the API support all needed features
> (listing / extracting drivers, revoking keys, adding keys, etc.)?

What API? The signing tool is public, and no, it doesn't add keys,
that's up to the BIOS to do, not the userspace tool.

confused,

greg k-h
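The three questions Michał Górny asks above, the answers Greg KH and Matthew Finkel give them, and the "custom mode" re-keying Rich Freeman describes in the post Greg is replying to all turn on one policy: which keys may write the firmware's key databases, and what an image needs before the firmware will hand it control. The Go program below is an added example written for this page; it is not code from the thread, from Gentoo, or from any UEFI implementation. It assumes a stripped-down model: Ed25519 signatures over a SHA-256 of the whole image stand in for the RSA/Authenticode signatures over PE images that real firmware checks, dbx holds only hashes, and the Firmware and Signed types, the Update and VerifyImage functions, the error values and the sample bootloader bytes are all constructed for the illustration. The variable names PK, KEK, db and dbx are the real UEFI ones.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Pared-down model of UEFI Secure Boot. Assumption: real firmware keeps X.509
// certificates and checks RSA Authenticode (PKCS#7) signatures over PE images;
// Ed25519 over a SHA-256 of the whole image stands in for that here.
var (
	ErrUntrusted = errors.New("no valid signature by a key in db")
	ErrRevoked   = errors.New("image hash is in dbx")
	ErrNotAuth   = errors.New("update not signed by a key that gates that variable")
)
// Signed stands in for both a signed PE image and an authenticated variable write.
type Signed struct {
	Data []byte
	Sig  []byte
}

func Sign(priv ed25519.PrivateKey, data []byte) Signed {
	h := sha256.Sum256(data)
	return Signed{data, ed25519.Sign(priv, h[:])}
}

func signedByAny(trusted []ed25519.PublicKey, s Signed) bool {
	h := sha256.Sum256(s.Data)
	for _, k := range trusted {
		if ed25519.Verify(k, h[:], s.Sig) { // false, not a panic, for a missing/short Sig
			return true
		}
	}
	return false
}

type Firmware struct {
	PK  ed25519.PublicKey   // platform key; nil means Setup Mode (no owner yet)
	KEK []ed25519.PublicKey // key exchange keys: may write db and dbx
	DB  []ed25519.PublicKey // signers whose images may boot
	DBX [][32]byte          // image hashes that never boot, even if db-signed
}

// Update writes variable v ("PK", "KEK", "db" or "dbx"). In Setup Mode any
// write goes through (deleting all keys in the setup menu gets you there);
// in User Mode the PK gates PK/KEK writes and PK or a KEK gates db/dbx writes.
func (fw *Firmware) Update(v string, upd Signed) error {
	if fw.PK != nil {
		gate := append([]ed25519.PublicKey{fw.PK}, fw.KEK...)
		if v == "PK" || v == "KEK" {
			gate = gate[:1]
		}
		if !signedByAny(gate, upd) {
			return ErrNotAuth
		}
	}
	switch v {
	case "PK":
		fw.PK = upd.Data
	case "KEK":
		fw.KEK = append(fw.KEK, upd.Data)
	case "db":
		fw.DB = append(fw.DB, upd.Data)
	case "dbx":
		fw.DBX = append(fw.DBX, sha256.Sum256(upd.Data))
	}
	return nil
}

// VerifyImage is the check made before control passes to a bootloader: dbx beats db.
func (fw *Firmware) VerifyImage(img Signed) error {
	h := sha256.Sum256(img.Data)
	for _, bad := range fw.DBX {
		if bad == h {
			return ErrRevoked
		}
	}
	if !signedByAny(fw.DB, img) {
		return ErrUntrusted
	}
	return nil
}

func main() {
	vendorPK, _, _ := ed25519.GenerateKey(rand.Reader) // board vendor's platform key
	kek, kekPriv, _ := ed25519.GenerateKey(rand.Reader) // KEK delegated to whoever revokes
	ca, caPriv, _ := ed25519.GenerateKey(rand.Reader)   // third-party signer shipped in db
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)     // a key enrolled nowhere
	fw := &Firmware{PK: vendorPK, KEK: []ed25519.PublicKey{kek}, DB: []ed25519.PublicKey{ca}}
	loader := []byte("constructed stand-in for bootloader bytes")
	good := Sign(caPriv, loader)
	fmt.Println("1 db-signed:", fw.VerifyImage(good), "/ unsigned:", fw.VerifyImage(Signed{Data: loader}))
	fmt.Println("2 patched:  ", fw.VerifyImage(Signed{append([]byte("implant "), loader...), good.Sig}))
	fmt.Println("3 rogue dbx:", fw.Update("dbx", Sign(rogue, loader)), "/ KEK dbx:", fw.Update("dbx", Sign(kekPriv, loader)))
	fmt.Println("3 revoked:  ", fw.VerifyImage(good))
}
```

Run it with `go run`. Line 1 is Greg's "non-signed bootloaders and kernels will not run"; line 2 is why a patched bootloader fails its own signature; line 3 is what a leaked signing key costs: its output keeps booting until someone holding the PK or a KEK pushes a dbx entry, which the attacker's key cannot do. Resetting the struct to its zero value is the model's equivalent of deleting all keys from the firmware setup menu (back to Setup Mode); enrolling only your own PK and db key from there is Rich Freeman's custom-mode path, after which the stock third-party-signed loader stops booting with ErrUntrusted.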
 
