Re: Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

> > The firmware already has this.
> Yes, now my mental cobwebs are getting cleaned out. I do recall reading  
> about this, a while ago.

Much of it is there for network booting (PXE etc) and in fact a fair bit
of it is there in the modern old style BIOS too.

> > > Before it boots the OS.
> >
> > Fine UEFI is a powerful enough base to be capable of supporting this. I
> > don't know if anyone has implemented it, but you have a complete chain of
> > keys to verify the request.
> Should be interesting to see how the great unwashed will accept waiting 2-3  
> minutes for their PC to boot, while their firmware is trying to grab CRLs  
> over the network.

I think firmware people are smarter than this. However there are a whole
array of issues with BIOS and other firmware management. For example all
those wireless cards that need firmware not in RPM format are completely
outside of RPM package management if the firmware is updated to fix a
security hole. In the USB case its probably not a big deal but in the PCI
case a card with DMA and complex firmware could provide holes.

That's also going to be fun if anyone tries to lock down Fedora. There
are ways and means but it's pretty ugly trying to sign stuff you can't
ship but users need to make their box work.

> Should also be interesting to see what happens when you put it behind a  
> proxy that drops the packets on the floor.

I'm not a great fan of the quality of firmware code but give then some
credit 8).

users mailing list
To unsubscribe or change subscription options:
Have a question? Ask away:

Photo 4 Less

[Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Find Someone Special]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

Add to Google Powered by Linux