On 06/26/2012 04:43 PM, Basil Chupin wrote:
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang
wrote: As one of the guys AJ mentioned who is working on the issue, I could tell that two basic principles for openSUSE
[snip]
2. Be equal or friendly with other distribution That means the solution has to align with what most other distribution be able to choose and would allow co-operate with them. This implies the windows signing service would be used as it's an fair offer for all with a universal key installed. Until there's another signing authority recommended by uefi forum, this is the only possible way to go. The Fedora proposal, presumably blessed by Red Hat, seems radically different from the Ubuntu proposal, presumably blessed by Canonical. So is there a "middle ground" between the two that would be friendly to both?
I am now wondering if this whole thing may be just an unnecessary PITA caused by yet another MS stumble.
It probably is a PITA, but boot process attacks do exist - see for example http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats - so this is not just security theatre. It's also worth having a read of couple more of mjg's posts: "No, really, secure boot does add security" http://mjg59.dreamwidth.org/2012/06/14/ "The security of Secure Boot" http://mjg59.dreamwidth.org/12897.html Regards, Tim -- Tim Serong Senior Clustering Engineer SUSE tserong@suse.com -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org