
Re: shim-signed



]] Marc Haber 

> Excuse me for asking a user question on -devel, but do we have any
> docs where someone explains how much a security trade off is
> shim-signed relative to the optimum? I think that using shim-signed is
> surely worse than a directly signed kernel, but I don't know whether I
> can tell my system (or shim-signed?) to accept MY or Debian's signed
> kernel without the Microsoft intermediate signature, and whether this
> is any more secure than running an encrypted system without secure
> boot at all.
> 
> Do we have docs for that?

I don't think we have docs for running with a different root of trust
than MS'. To be honest, I'm not sure we even _should_ have a lot of docs
around it, since the general brittleness of the boot process, UEFI and
friends might very well lead to more systems being broken when people
discover the docs and run with the instructions without understanding
the implications.

As for it being more secure, for that to be a good and meaningful
discussion, we have to agree on what the threat model is.  What's the
threat you want to protect against by using your own or Debian's keys?

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are