Rich Freeman on 17 Oct 2016 17:47:03 -0700
Re: [PLUG] Linux Laptop
On Mon, Oct 17, 2016 at 8:27 PM, Steve Litt <slitt@troubleshooters.com> wrote:
> On Mon, 17 Oct 2016 15:46:14 -0400
> Rich Freeman <r-plug@thefreemanclan.net> wrote:
>
>> However, as long as MS continues to sign alternate bootloaders it
>> actually is a relative non-issue.
>
> For those using mainstream distros.
>

I don't use a mainstream distro, and I'm not worried.

Microsoft has issued keys for non-distro-associated FOSS bootloader projects. You can boot anything using these, e.g.
http://blog.hansenpartnership.com/linux-foundation-secure-boot-system-released/

In general it sounds like they're willing to sign generic bootloaders that can be used to boot any OS, as long as the bootloader requires user interaction the first time a new OS is booted. So, this is really no different from something like grub, except that you can't just edit a text file to configure it (at least not without some kind of interaction with the bootloader to confirm the changes the first time).

What they don't want is a signed bootloader that could just be configured by some malware to load a rootkit before it loads the OS.

> Also, it would be interesting to see what happens to a keyed distro if
> one recompiles the kernel with different stuff in it.
>

It depends on how their bootloader works. If it were using something like the Linux Foundation shim then you'd need to confirm the changes at next boot. If it were something like the Ubuntu approach then it would refuse to boot.

The best way is to just change the keys trusted by your firmware, so that only images you explicitly sign will run. Then nobody can just boot your system off of an arbitrary image.

Of course, you can get similar protection using a TPM chip and full disk encryption backed by a verified boot path. Then if somebody tampers with the boot chain the OS will be unable to read the hard drive, and the same will apply if somebody removes the drive from the system.
They couldn't even beat you over the head to get the key since you wouldn't know it, though they could just boot the system up normally and ask you to log in (though if you had a duress password that told the OS to instruct the TPM to wipe itself then if you entered that it would destroy the only means to recover your data, and whoever is doing this would have no way to verify whether your password was valid other than trying it on the actual system; a disk backup beforehand would be useless since it would be encrypted using keys that were stored only in the TPM, which was just instructed to destroy them).

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
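The TPM-backed verified boot path Rich describes (boot-chain measurements in a PCR, a disk key sealed to that PCR, and a duress wipe that orphans the key) as an added simulation that is not part of the original message or the PLUG list. The PCR extend operation is the real one; the TPM itself and its seal/unseal are modelled with hashlib and hmac, and the boot-chain blobs and disk key are constructed sample values.

```python
import hashlib
import hmac
import os

PCR_INIT = b"\x00" * 32  # PCR contents at power-on

def extend(pcr, component):
    """TPM PCR extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot_chain(components):  # firmware, shim, grub, kernel, in boot order
    pcr = PCR_INIT
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class SimulatedTPM:  # stand-in for the chip: the seed never leaves this object
    def __init__(self):
        self._seed = os.urandom(32)
    def _policy_key(self, pcr):
        return hmac.new(self._seed, b"seal|" + pcr, hashlib.sha256).digest()
    def seal(self, secret, pcr):
        """Bind a 32-byte secret to the PCR value present at seal time."""
        key = self._policy_key(pcr)
        masked = bytes(a ^ b for a, b in zip(secret, key))
        return masked + hmac.new(key, masked, hashlib.sha256).digest()
    def unseal(self, blob, pcr):
        """Return the secret only if the current PCR reproduces the policy key, else None."""
        masked, key = blob[:32], self._policy_key(pcr)
        if not hmac.compare_digest(blob[32:], hmac.new(key, masked, hashlib.sha256).digest()):
            return None  # boot chain changed, or this is a different TPM
        return bytes(a ^ b for a, b in zip(masked, key))
    def clear(self):  # the duress path from the post: a fresh seed orphans every sealed blob
        self._seed = os.urandom(32)

def run_demo():
    """Constructed boot chain and disk key; reports which unseal attempts succeed."""
    chain = [b"firmware-v1", b"shim-signed", b"grub-signed", b"vmlinuz-4.8"]
    disk_key = hashlib.sha256(b"constructed sample disk key").digest()
    tpm = SimulatedTPM()
    blob = tpm.seal(disk_key, measure_boot_chain(chain))
    tampered = chain[:3] + [b"vmlinuz-4.8+rootkit"]  # modified kernel image
    results = {
        "clean": tpm.unseal(blob, measure_boot_chain(chain)) == disk_key,
        "tampered": tpm.unseal(blob, measure_boot_chain(tampered)) is not None,
        "other_tpm": SimulatedTPM().unseal(blob, measure_boot_chain(chain)) is not None,
    }
    tpm.clear()  # duress password wipes the TPM
    results["after_clear"] = tpm.unseal(blob, measure_boot_chain(chain)) is not None
    return results
```

Only the clean chain on the original TPM unseals; a changed component, a drive moved to another TPM, or a cleared TPM all leave the sealed blob unrecoverable, which is why a prior disk backup does not help either.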