Tim Serong wrote:
On 06/26/2012 04:43 PM, Basil Chupin wrote:
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
wrote: As one of the guys AJ mentioned who is working on the issue, I could tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution That means the solution has to align with what most other distribution be able to choose and would allow co-operate with them. This implies the windows signing service would be used as it's an fair offer for all with a universal key installed. Until there's another signing authority recommended by uefi forum, this is the only possible way to go. The Fedora proposal, presumably blessed by Red Hat, seems radically different from the Ubuntu proposal, presumably blessed by Canonical. So is there a "middle ground" between the two that would be friendly to both?
I am now wondering if this whole thing may be just an unnecessary PITA caused by yet another MS stumble.
It probably is a PITA, but boot process attacks do exist - see for example
http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
- so this is not just security theatre.
We're probably going OT, but one can't help wondering if the risk of the above is severe enough to warrant the combined UEFI effort - inventing it, spec'ing it and the Linux communities' effort in working with or around it. I tend to side with Basil here - this is not just about security. Follow-ups to opensuse-offtopic please. -- Per Jessen, Zürich (19.8°C) -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org