Re: *countable infinities only |
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
On 05/31/2012 01:34 PM, Jon Ciesla wrote:
> On Thu, May 31, 2012 at 12:22 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote:
>> On 05/31/2012 01:19 PM, Jon Ciesla wrote:
>>> On Thu, May 31, 2012 at 12:16 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote:
>>>> On 05/31/2012 01:10 PM, Gregory Maxwell wrote:
>>>>> On Thu, May 31, 2012 at 1:07 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote:
>>>>>> Could be any of a thousand ways to implement this.
>>>>>> Maybe it checks the BIOS to determine whether some SecureBoot flag is set.
>>>>> While it pains me to argue with someone on my side— you're incorrect.
>>>>> The compromised system would just intercept and emulate or patch out that test.
>>>> Then what's missing here is a way for booted OS's to test themselves for integrity.
>>> Maybe some sort of cryptographic signature stored in the hardware?
>>>
>>> <ducks>
>>>
>>> -J
>>>
>>> </sarcasm>
>>>
>> Just not dictated by one monopoly.
> Ideally, no. But you see the problem. I'm divided on the solution
> myself, but I've yet to see one I feel better about.
>
> -J
>
>
This game of cat and mouse with the blackhats is not going to end until we have some type of read-only partitions where
known good code resides.
And the user must hit a hardware button to enable read-write to change anything there.
We just keep pushing these blackhats to different layers. Next they'll be flashing our BIOSes and eliminating all
protections SecureBoot and otherwise.
.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Fedora Announce]
[Fedora Kernel]
[Fedora Testing]
[Fedora Legacy Announce]
[Home]
[Fedora Tools]
[Fedora PHP Devel]
[Kernel List]
[Fedora Legacy]
[Fedora Maintainers]
[Fedora Maintainers]
[Fedora Desktop]
[PAM]
[Red Hat Development]
[Big List of Linux Books]
[Gimp]
[Yosemite News]
