Re: Q: secure boot

To: debian-devel@lists.debian.org
Subject: Re: Q: secure boot
From: Ansgar Burchardt <ansgar@debian.org>
Date: Tue, 06 Nov 2018 12:25:49 +0100
Message-id: <[🔎] 14bf19ec174064be7ea28ec6f76759ccd0f749a5.camel@43-1.org>
In-reply-to: <[🔎] CAKTje6EcCDqnZAT1UGTXwydoxKm5GCfoZExyO_tDpFxfna1DMg@mail.gmail.com>
References: <[🔎] 20181106041531.48df196b736c982649c7d37d@iijmio-mail.jp> <[🔎] 20181105225235.734nlt57i43xpupn@angband.pl> <[🔎] CAKTje6EcCDqnZAT1UGTXwydoxKm5GCfoZExyO_tDpFxfna1DMg@mail.gmail.com>

On Tue, 2018-11-06 at 09:14 +0800, Paul Wise wrote:
> AFAICT the Debian Secure Boot packages are not designed for the
> scenario where only Debian keys or per-user keys are trusted by the
> firmware, if they were then shim-signed would be named
> shim-signed-microsoft and there would be a shim-signed-debian package
> too.

This was discussed: you can attach multiple signatures to a UEFI binary
such as shim, so all this would need is to add an additional signature.
Maybe also a legacy version with only the MS signature in case some
implementations don't like multiple signatures (it was added in a later
UEFI version as far as I understand).

> In addition, the revocation situation is just ridiculous. There is no
> way to revoke known-insecure (but still validly signed) software from
> every vendor that supports secure boot.

I agree.  You can probably always get something with a valid signature
and a code execution bug running...

Ansgar

Reply to:

References:
- Q: secure boot
  - From: Hideki Yamane <henrich@iijmio-mail.jp>
- Re: Q: secure boot
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: Q: secure boot
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Q: secure boot
Next by Date: Re: Uncoordinated upload of the rustified librsvg
Previous by thread: Re: Q: secure boot
Next by thread: Re: Q: secure boot
Index(es):
- Date
- Thread