Mailinglist Archive: opensuse-project (271 mails)

< Previous Next >
Re: [opensuse-project] UEFI situation
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Tue, 26 Jun 2012 10:59:56 +0200
  • Message-id: <jsbtmc$vq6$1@saturn.local.net>
Tim Serong wrote:

On 06/26/2012 04:43 PM, Basil Chupin wrote:
On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang <mchang@xxxxxxxx>
wrote:

As one of the guys AJ mentioned who is working on the issue, I
could tell that two basic principles for openSUSE

[snip]

2. Be equal or friendly with other distribution
That means the solution has to align with what most other
distribution be able to choose and would allow co-operate with
them. This implies the windows signing service would be used as
it's an fair offer for all with a universal key installed. Until
there's another signing authority recommended by uefi forum, this
is the only possible way to go.
The Fedora proposal, presumably blessed by Red Hat, seems radically
different from the Ubuntu proposal, presumably blessed by Canonical.
So is there a "middle ground" between the two that would be friendly
to both?

I am now wondering if this whole thing may be just an unnecessary
PITA caused by yet another MS stumble.

It probably is a PITA, but boot process attacks do exist - see for
example

http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
- so this is not just security theatre.

We're probably going OT, but one can't help wondering if the risk of the
above is severe enough to warrant the combined UEFI effort - inventing
it, spec'ing it and the Linux communities' effort in working with or
around it.
I tend to side with Basil here - this is not just about security.
Follow-ups to opensuse-offtopic please.


--
Per Jessen, Zürich (19.8°C)

--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx

< Previous Next >