[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Long] UEFI support



On Mon, 9 Jan 2012 14:04:15 +0000, Wookey <wookey@wookware.org> wrote:
> +++ Steve Langasek [2012-01-06 16:08 -0800]:
> > On Fri, Jan 06, 2012 at 02:41:41PM +0000, Tanguy Ortolo wrote:
> > 
> > > It is also worth noting that an amd64 PC will probably support x64 UEFI
> > > only, so given that there is probably no UEFI-base x86 PCs, there is no
> > > point in creating corresponding images.
> > 
> > Your terminology is a bit muddled here.  If you mean "there will be no
> > 32-bit-only systems using UEFI", that's not a safe assumption to make. 
> > There are still 32-bit-only systems being produced, and the move from BIOS
> > to UEFI will affect them as well.
> 
> ARM systems will imminently be coming out with UEFI as the primary
> boot mechanism too, so at least armhf and probably armel images make
> sense too.
> 
> This is actually a very good thing in the sense that we can have a
> unified boot mechanism across most newish machines in the
> not-too-distant future, which makes debian-boot people's lives a lot
> easier.
> 
> I assume evyone here is aware of mjg's useful posts about the issue of
> key-management in UEFI secure boot?
> 
> We need to do one of:
> 
> * get our bootloaders signed by something like the 'linuxfoundation key'
> if such a thing gets widely installed, 
> * explain to users how to get the 'debian key' installed
> * explain to users how to turn off secure boot.
> * Get manufacturers to put the Debian key in machines for sale (or
>   just make them with Debian(or a deriviative) pre-installed.

Are we going to have a restricted-GRUB that is only willing to load
kernels also signed by keys built into it, which in turn are configured
not to do tricks like kexec, to ensure that one doesn't use linux as a
bootloader?

If not, then any signature on GRUB will just be an invitation to some
scrote to use that signed GRUB as part of their rootkit to insert
malware under windows, and give Microsoft a nice headline about us lot
of pinko-commies being the cause of their latest security problems.

For people that are serious about making machines secure boot Linux,
what they need to be able to do is, firstly discard all the
pre-installed keys (since it's only a matter of time before one of those
is compromised) and then install their own locally generated key(s) with
which they then sign the version of GRUB they prefer, which they should
probably have configured to only boot kernels they trust, etc. etc.

For Joe Average, who is going to struggle to find the BIOS setup on a
current machine, well, I think MS just killed any chance of them trying 
Linux on new machines, unless someone like Neelie Kroes does something
aggressive about this in a hurry.

I'm wondering just how big the middle ground is: those that can find the
BIOS, cannot do their own key management, and are scared to untick the
"Secure" box when they read the Debian install notes (assuming any of
those options exist) -- I have a feeling that that's going to be quite a
small proportion of our potential users, so having a distro key seems
like it's not too worthwhile, and has the potential for some seriously
bad publicity.

On the other hand, all publicity is supposed to be good publicity ;-)

Cheers, Phil.
-- 
|)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
|-|  HANDS.COM Ltd.                    http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND

Attachment: pgpOddOQHvIEY.pgp
Description: PGP signature


Reply to: