Mailinglist Archive: opensuse-project (271 mails)

< Previous Next >
Re: [opensuse-project] UEFI situation
  • From: Michael Chang <mchang@xxxxxxxx>
  • Date: Tue, 26 Jun 2012 18:03:27 +0800
  • Message-id: <CAOx4COUPp4wjGHTq=weQ9dnFNTWAD+0CJMoK43GapfOAp7fw0w@mail.gmail.com>
2012/6/26 Tim Serong <tserong@xxxxxxxx>:

It probably is a PITA, but boot process attacks do exist - see for
example

I agree with matthew and UEFI secure boot could provide protect at
preboot. The question is it really a need for consumer product?
assuming we all working in Nation Defense Department and will really
appreciate this functionality?

I think it would be fine for all of us if it's a default disabled
feature, and SUSE could focus on the solution who really want this
feature enabled on the products like server or preload machines .. the
ms signing, first and second stage bootloader are aiming to get the
distro boot up from this default shipped status in sake of better user
experience, which is a bit twisted to the real purpose of secure boot
IMHO.

Regards,
Michael

http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
- so this is not just security theatre.  It's also worth having a read
of couple more of mjg's posts:

 "No, really, secure boot does add security"
 http://mjg59.dreamwidth.org/2012/06/14/

 "The security of Secure Boot"
 http://mjg59.dreamwidth.org/12897.html

Regards,

Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tserong@xxxxxxxx
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx


--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx

< Previous Next >