Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 6 Jun 2012 07:19:58 -0400 (EDT)
From:      Daniel Feenberg <feenberg@nber.org>
To:        Matthew Seaman <matthew@FreeBSD.org>
Cc:        Jerry <jerry@seibercom.net>, FreeBSD <freebsd-questions@FreeBSD.org>
Subject:   Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Message-ID:  <Pine.GSO.4.64.1206060712490.28686@nber6>
In-Reply-To: <4FCF0772.8000609@FreeBSD.org>
References:  <CADy1Ce7MihpmMowc265%2BS_RKorMO3KEKsCgr=pdnjg2jzq-dYQ@mail.gmail.com> <20120605203717.5663bdf7.freebsd@edvax.de> <Pine.GSO.4.64.1206051653120.5642@nber6> <20120605181055.4af65fdb@scorpio> <4FCF0772.8000609@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help


On Wed, 6 Jun 2012, Matthew Seaman wrote:

> On 05/06/2012 23:10, Jerry wrote:
>> I thought this URL <http://mjg59.dreamwidth.org/12368.html>; also shown
>> above, answered that question.
>
> Signing bootloaders and kernels etc. seems superficially like a good
> idea to me.  However, instant reaction is that this is definitely *not*
> something that Microsoft should be in charge of.  Some neutral[*] body
...
> On deeper thought though, the whole idea appears completely unworkable.
> It means that you will not be able to compile your own kernel or
> drivers unless you have access to a signing key.  As building your own

You don't need the signing key if you turn off secure boot in the CMOS. 
The fedora folk are worried that naive desktop users will not be able to 
do that, and usage of linux will be impeded. It won't be a significant 
impediment to users capable of compiling their own kernel.

> is pretty fundamental to the FreeBSD project, the logical consequence is
> that FreeBSD source should come with a signing key for anyone to use.
>
> Which completely abrogates the whole point of signing
> bootloaders/kernels in the first place: anyone wishing to create malware
> would be able to sign whatever they want using such a key.  It's
> DRM-level stupidity all over again.

I do wonder about that. What incentive does the possesor of a signing key 
have to keep it secret? Apple keeps it's signing key secret because it 
gets a share of revenue from the sale of apps. If the fedora key became 
known it wouldn't hurt fedora. Can the UEFI BIOS consult a list of revoked 
keys online? That would be surprising.

dan feenberg



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.64.1206060712490.28686>