Mailinglist Archive: opensuse-project (271 mails)

Re: [opensuse-project] UEFI situation
On 26/06/12 16:56, Tim Serong wrote:
> On 06/26/2012 04:43 PM, Basil Chupin wrote:
>> On 26/06/12 15:13, M. Edward (Ed) Borasky wrote:
>>> On Mon, Jun 25, 2012 at 9:01 PM, Michael Chang <mchang@xxxxxxxx> wrote:
>>>>
>>>> As one of the guys AJ mentioned who is working on the issue, I could
>>>> tell that two basic principles for openSUSE
>>>>
>>>> [snip]
>>>>
>>>> 2. Be equal or friendly with other distributions
>>>> That means the solution has to align with what most other distributions
>>>> be able to choose and would allow co-operate with them. This implies
>>>> the windows signing service would be used as it's a fair offer for
>>>> all with a universal key installed. Until there's another signing
>>>> authority recommended by uefi forum, this is the only possible way to
>>>> go.
>>>
>>> The Fedora proposal, presumably blessed by Red Hat, seems radically
>>> different from the Ubuntu proposal, presumably blessed by Canonical.
>>> So is there a "middle ground" between the two that would be friendly
>>> to both?
>>
>> I am now wondering if this whole thing may be just an unnecessary PITA
>> caused by yet another MS stumble.
>
> It probably is a PITA, but boot process attacks do exist - see for
> example
> http://www.slideshare.net/daniel_bilar/matrosov-2012-recon-bootkit-threats
> - so this is not just security theatre. It's also worth having a read
> of a couple more of mjg's posts:
>
> "No, really, secure boot does add security"
> http://mjg59.dreamwidth.org/2012/06/14/
>
> "The security of Secure Boot"
> http://mjg59.dreamwidth.org/12897.html
>
> Regards,
>
> Tim

As I earlier stated in another post, we have been booting our operating systems, say openSUSE, for many years without any problems.

Yes, there is/was a setting in the BIOS which checks/checked for malware in the boot sector. But if there was one, which operating system/systems could suffer as a result of such malware? Not a Linux system is my understanding.

But now an operating system which caused a multi-million secondary industry to evolve to try and protect it from malware has suddenly come up with a PITA procedure to try and protect itself from malware because it hasn't the ability to write software which is immune to malware. So, instead it comes up with this "uefi" crap which apparently affects EVERY operating system in the world.

And this is supposed to be "beneficial" to all computer systems/users!?

I think the bottom line here is that-

1. re those closed-source/proprietary operating systems, they don't have bright enough programmers who are capable of putting together a system which is secure; and

2. re the opensource systems, like openSUSE, are too reliant on the efforts of "community" members to write code and then there is no procedure in place which thoroughly examines the code before it is included in a distro/s. The claim that Linux is secure because it is opensource and can be examined by anyone is but a lame claim when something is included as an update or upgrade but only examined at some future date after the horse has bolted and has caused a meltdown (you know what I mean).

I must be missing something here, and I readily admit that I do not have the technical knowledge re this matter, but what is the good of booting a system with all this "uefi" rubbish when there is then no real security to install some file which has been written by some "community" member and which has not gone thru a security check to see what exactly it is trying to do?

Proprietary software like that produced by MS and Apple have well paid programmers writing code and yet they come up with crap which is open to hacking.

But openSUSE uses "community" members, and as Henne stated only days ago,

/quote

You do realize that we are an open source project and not your usual software-sweat-shop right?

We as distro channel and integrate what all the FOSS projects and our own contributors do out there. We don't direct resources, we feed off what happens because an individual, a group or a company has an itch to scratch.

/unquote


Does this "uefi" thingie mean that *EVERY* piece of software which is to be installed on a system will require to be '"uefi"-compliant' before it will be installable so that the OS can be booted/rebooted with this piece of software installed?

If not, then what is the good of going thru this "uefi" saga just to be able to boot the *operating* *system* - but then allow later/subsequent upgrades/updates to be installed without them being "uefi-compliant"? Or is every piece of software going to be thoroughly examined as a separate exercise to ensure that it contains no malware before it gets included as part of, say, openSUSE update/upgrade?


BC

--
Using openSUSE 12.2 x86_64 KDE 4.8.4 and kernel 3.4.3 on a system with-
AMD FX 8-core 3.6/4.2GHz processor
16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
