From owner-freebsd-questions@FreeBSD.ORG Tue Jun 5 22:55:45 2012
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 60BC51065672 for ; Tue, 5 Jun 2012 22:55:45 +0000 (UTC) (envelope-from feenberg@nber.org)
Received: from mail2.nber.org (mail2.nber.org [66.251.72.79]) by mx1.freebsd.org (Postfix) with ESMTP id 03FDD8FC0A for ; Tue, 5 Jun 2012 22:55:44 +0000 (UTC)
Received: from nber6 (nber6.nber.org [66.251.72.76]) by mail2.nber.org (8.14.4/8.14.4) with ESMTP id q55Mtf35005277; Tue, 5 Jun 2012 18:55:42 -0400 (EDT) (envelope-from feenberg@nber.org)
Date: Tue, 5 Jun 2012 18:49:14 -0400 (EDT)
From: Daniel Feenberg
X-X-Sender: feenberg@nber6
To: FreeBSD
In-Reply-To: <20120605181055.4af65fdb@scorpio>
Message-ID:
References: <20120605203717.5663bdf7.freebsd@edvax.de> <20120605181055.4af65fdb@scorpio>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.39/RELEASE, bases: 20120605 #8136335, check: 20120605 clean
Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 05 Jun 2012 22:55:45 -0000

On Tue, 5 Jun 2012, Jerry wrote:

> On Tue, 5 Jun 2012 17:00:14 -0400 (EDT)
> Daniel Feenberg articulated:
>
>> On Tue, 5 Jun 2012, Polytropon wrote:
>>
>>> On Tue, 5 Jun 2012 11:19:26 -0700, Kurt Buff wrote:
>>>> UEFI considerations drive Fedora to pay MSFT to sign their kernel
>>>> binaries
>>>> http://cwonline.computerworld.com/t/8035515/1292406/565573/0/
>>>
>>> I may reply with another link:
>>> http://mjg59.dreamwidth.org/12368.html
>>
>> I have a pretty basic question that probably displays some ignorance...
>>
>> Does the loader need to be signed? Once signed, can it load anything,
>> or just things MS has approved? If MS signs the kernel, can the kernel
>> run anything, or just things MS has approved? If RH has a signed
>> kernel, do they have to sign all the userland programs that run under
>> that kernel? Can users sign programs compiled from source?
>>
>> If MS only has to sign the first link in the chain, then the $99
>> certificate is not really a problem except for the pure of heart. If
>> MS or someone else has to sign all the way down to the userland
>> binaries, then users of FreeBSD will have to turn off secure boot in
>> CMOS, and it will lose a few users. But I can't tell from the
>> discussions mentioned above. Either way, I don't think it will destroy
>> FreeBSD, or Linux, but I would be interested anyway.
>
> I thought this URL also shown
> above, answered that question.

It says "once paid you can sign as many binaries as you want" but I don't
know if that means "as many different binaries" or "as many copies of the
same binary". Later it says they will write a new bootloader that MS will
sign and "adding support for verifying that the kernel it's about to boot
is signed with a trusted key" but I don't know if that kernel is signed by
MS or RH, or if MS gets to approve it. Finally it says "we'll be sanitising
the kernel command line to avoid certain bits of functionality that would
permit an attacker to cause even a signed kernel to launch arbitrary code"
but does "arbitrary code" refer to something I would want to do as a
sys-admin?

dan feenberg
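The "first link in the chain" question above can be made concrete with a small model of the design the linked post sketches: the firmware holds a store of keys it trusts (the role Microsoft's key plays there), it checks the loader against that store, the loader carries its own embedded key (the distribution's) and checks the kernel against that, and nothing beyond the kernel is checked by this chain at all. The following Go program is an added example written for this page; it is not code from the thread, from shim, or from any firmware. Ed25519 from Go's standard library stands in for whatever signature scheme real firmware uses, the keys are generated on the spot, and the "images" are constructed byte strings.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Image is one stage of the boot chain (loader or kernel): its bytes plus a
// detached signature. Constructed model; not a real EFI binary.
type Image struct {
	Name      string
	Contents  []byte
	Signature []byte
}

// TrustStore is the set of public keys one stage accepts when verifying the
// next: the firmware's store for the loader, the loader's embedded key(s)
// for the kernel.
type TrustStore []ed25519.PublicKey

// Accepts reports whether img carries a valid signature from any trusted key.
func (ts TrustStore) Accepts(img Image) bool {
	for _, pub := range ts {
		if ed25519.Verify(pub, img.Contents, img.Signature) {
			return true
		}
	}
	return false
}

// NewKey generates a fresh Ed25519 key pair, a stand-in for a vendor's
// signing key (real ones live in an HSM, not in example code).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign produces an Image signed with priv.
func Sign(name string, contents []byte, priv ed25519.PrivateKey) Image {
	return Image{Name: name, Contents: contents, Signature: ed25519.Sign(priv, contents)}
}

// Boot walks the chain: firmware checks the loader against its store, the
// loader checks the kernel against its own embedded store, and the kernel
// then runs userland with no further signature check in this chain.
// Returns a description of the outcome and whether the boot proceeded.
func Boot(firmwareStore TrustStore, loader Image, loaderStore TrustStore, kernel Image) (string, bool) {
	if !firmwareStore.Accepts(loader) {
		return "firmware refused " + loader.Name, false
	}
	if !loaderStore.Accepts(kernel) {
		return loader.Name + " refused " + kernel.Name, false
	}
	return "booted " + kernel.Name, true
}

func main() {
	msPub, msPriv := NewKey() // key the firmware ships trusting (assumed role of the MS key)
	rhPub, rhPriv := NewKey() // distribution's own key, embedded in its loader
	_, otherPriv := NewKey()  // a key nobody in the chain trusts

	firmwareStore := TrustStore{msPub}
	loaderStore := TrustStore{rhPub}

	loader := Sign("shim", []byte("constructed loader image"), msPriv)
	kernel := Sign("vmlinuz", []byte("constructed kernel image"), rhPriv)
	fmt.Println(Boot(firmwareStore, loader, loaderStore, kernel)) // booted vmlinuz true

	// Same kernel bytes signed by an untrusted key: the loader stops the chain.
	fmt.Println(Boot(firmwareStore, loader, loaderStore, Sign("vmlinuz", kernel.Contents, otherPriv)))

	// A loader signed only by the distribution never gets past the firmware.
	fmt.Println(Boot(firmwareStore, Sign("shim", loader.Contents, rhPriv), loaderStore, kernel))

	// Kernel bytes changed after signing: the signature no longer verifies.
	tampered := kernel
	tampered.Contents = []byte("constructed kernel image, modified")
	fmt.Println(Boot(firmwareStore, loader, loaderStore, tampered))
}
```

The point the model makes is that only the loader's signature has to come from the key the firmware already trusts; the kernel's signature is checked against whatever key the loader embeds, and userland is outside this chain entirely. It also shows why the loader's embedded trust store is the piece worth auditing on a given machine: if a key is accepted there, every kernel signed with it boots.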