27 Jun 2012, 09:13
On 26/06/12 16:56, Tim Serong wrote:
> On 06/26/2012 04:43 PM, Basil Chupin wrote:
>> On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
>>> On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang wrote:
>>>
>>>> As one of the guys AJ mentioned who is working on the issue, I could
>>>> tell that two basic principles for openSUSE
>>>>
>>> [snip]
>>>
>>>> 2. Be equal or friendly with other distribution
>>>> That means the solution has to align with what most other distribution
>>>> be able to choose and would allow co-operate with them. This implies
>>>> the windows signing service would be used as it's an fair offer for
>>>> all with a universal key installed. Until there's another signing
>>>> authority recommended by uefi forum, this is the only possible way to
>>>> go.
>>> The Fedora proposal, presumably blessed by Red Hat, seems radically
>>> different from the Ubuntu proposal, presumably blessed by Canonical.
>>> So is there a "middle ground" between the two that would be friendly
>>> to both?
>> I am now wondering if this whole thing may be just an unnecessary PITA
>> caused by yet another MS stumble.
> It probably is a PITA, but boot process attacks do exist - see for
> example
> http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
> - so this is not just security theatre. It's also worth having a read
> of couple more of mjg's posts:
>
> "No, really, secure boot does add security"
> http://mjg59.dreamwidth.org/2012/06/14/
>
> "The security of Secure Boot"
> http://mjg59.dreamwidth.org/12897.html
>
> Regards,
>
> Tim

As I earlier stated in another post, we have been booting our operating systems, say openSUSE, for many years without any problems. Yes, there is/was a setting in the BIOS which checks/checked for malware in the boot sector. But if there was one, which operating system/systems could suffer as a result of such malware? Not a Linux system is my understanding.

But now an operating system which caused a multi-million secondary industry to evolve to try and protect it from malware has suddenly come up with a PITA procedure to try and protect itself from malware because it hasn't the ability to write software which is immune to malware. So, instead it comes up with this "uefi" crap which apparently affects EVERY operating system in the world. And this is supposed to be "beneficial" to all computer systems/users!?

I think the bottom line here is that-

1. re those closed-source/proprietary operating systems, they don't have bright enough programmers who are capable of putting together a system which is secure; and

2. re the opensource systems, like openSUSE, are too reliant on the efforts of "community" members to write code and then there is no procedure in place which thoroughly examines the code before it is included in a distro/s.

The claim that Linux is secure because it is opensource and can be examined by anyone is but a lame claim when something is included as an update or upgrade but only examined at some future date after the horse has bolted and has caused a meltdown (you know what I mean).

I must be missing something here, and I readily admit that I do not have the technical knowledge re this matter, but what is the good of booting a system with all this "uefi" rubbish when there is then no real security to install some file which has been written by some "community" member and which has not gone thru a security check to see what exactly it is trying to do?

Proprietary software like that produced by MS and Apple have well paid programmers writing code and yet they come up with crap which is open to hacking. But openSUSE uses "community" members, and as Henne stated only days ago,

/quote

You do realize that we are an open source project and not your usual software-sweat-shop right? We as distro channel and integrate what all the FOSS projects and our own contributors do out there. We don't direct resources, we feed off what happens because an individual, a group or a company has an itch to scratch.

/unquote

Does this "uefi" thingie mean that *EVERY* piece of software which is to be installed on a system will require to be '"uefi"-compliant' before it will be installable so that the OS can be booted/rebooted with this piece of software installed?

If not, then what is the good of going thru this "uefi" saga just to be able to boot the *operating* *system* - but then allow later/subsequent upgrades/updates to be installed without them being "uefi-compliant"?

Or is every piece of software going to be thoroughly examined as a separate exercise to ensure that it contains no malware before it gets included as part of, say, openSUSE update/upgrade?

BC

--
Using openSUSE 12.2 x86_64 KDE 4.8.4 and kernel 3.4.3 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU