Re: *countable infinities only

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On 05/31/2012 01:34 PM, Jon Ciesla wrote:
> On Thu, May 31, 2012 at 12:22 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote:
>> On 05/31/2012 01:19 PM, Jon Ciesla wrote:
>>> On Thu, May 31, 2012 at 12:16 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote:
>>>> On 05/31/2012 01:10 PM, Gregory Maxwell wrote:
>>>>> On Thu, May 31, 2012 at 1:07 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote:
>>>>>> Could be any of a thousand ways to implement this.
>>>>>> Maybe it checks the BIOS to determine whether some SecureBoot flag is set.
>>>>> While it pains me to argue with someone on my side— you're incorrect.
>>>>> The compromised system would just intercept and emulate or patch out that test.
>>>> Then what's missing here is a way for booted OS's to test themselves for integrity.
>>> Maybe some sort of cryptographic signature stored in the hardware?
>>> <ducks>
>>> -J
>>> </sarcasm>
>> Just not dictated by one monopoly.
> Ideally, no.  But you see the problem.  I'm divided on the solution
> myself, but I've yet to see one I feel better about.
> -J

This game of cat and mouse with the blackhats is not going to end until we have some type of read-only partitions where
known good code resides.

And the user must hit a hardware button to enable read-write to change anything there.

We just keep pushing these blackhats to different layers.  Next they'll be flashing our BIOSes and eliminating all
protections SecureBoot and otherwise.


devel mailing list

[Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Legacy Announce]     [Home]     [Fedora Tools]     [Fedora PHP Devel]     [Kernel List]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

Add to Google Powered by Linux