2012/6/26 Tim Serong
It probably is a PITA, but boot process attacks do exist - see for example
I agree with matthew and UEFI secure boot could provide protect at preboot. The question is it really a need for consumer product? assuming we all working in Nation Defense Department and will really appreciate this functionality? I think it would be fine for all of us if it's a default disabled feature, and SUSE could focus on the solution who really want this feature enabled on the products like server or preload machines .. the ms signing, first and second stage bootloader are aiming to get the distro boot up from this default shipped status in sake of better user experience, which is a bit twisted to the real purpose of secure boot IMHO. Regards, Michael
http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats - so this is not just security theatre. It's also worth having a read of couple more of mjg's posts:
"No, really, secure boot does add security" http://mjg59.dreamwidth.org/2012/06/14/
"The security of Secure Boot" http://mjg59.dreamwidth.org/12897.html
Regards,
Tim -- Tim Serong Senior Clustering Engineer SUSE tserong@suse.com -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org