On Thu, 2017-11-23 at 16:03 +0000, Steve McIntyre wrote:
> On Thu, Nov 23, 2017 at 01:00:38PM +0000, Ben Hutchings wrote:
> > On Wed, 2017-11-22 at 12:06 +0100, Ansgar Burchardt wrote:
[...]
> > > How long does signing take?
> > > ---------------------------
> > >
> > > Using a YubiKey as proposed, how long does signing all binaries take for
> > > the different packages?
> >
> > I think the answer is "way too long", but Julien can be more precise.
> >
> > I proposed to use a file-based key for signing modules. It is easy
>
> incomplete sentence?

I think I was going to say it's easier to replace module signing keys, as
signed modules are already bound to a small range of kernel versions.

> > > What happens when UEFI-Secure Boot can be bypassed?
> > > ---------------------------------------------------
> > >
> > > The requirements from Microsoft state that no unauthenticated code must
> > > be executed before ExitBootServices is called and may revoke submissions
> > > that allow this to happen.
> > >
> > > What happens when root can get the Linux kernel or grub to do so (for
> > > example by exploiting a bug)? Might Microsoft revoke the shim
> > > signature?
> >
> > In theory, yes.
>
> Bugs happen. If Microsoft have revoked any keys so far, they've been
> quiet about it. But there is support for revocation of keys, both
> directly at the UEFI level and in mok/shim.
[...]

They already revoked all old versions of the Windows boot loader on ARM:

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-100

Ben.

-- 
Ben Hutchings
When in doubt, use brute force. - Ken Thompson
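The revocation mechanism the thread refers to "at the UEFI level" is the forbidden signature database (dbx), a sequence of EFI_SIGNATURE_LIST structures. The following is an added example, not code from the thread or from Debian: it parses that format and checks whether a boot binary's Authenticode SHA-256 hash has been revoked. The sample dbx blob and its hashes are constructed for the example; on a live system the variable would be read from efivarfs, which prefixes the data with a 4-byte attribute word that must be stripped first.

```python
"""Parse a UEFI signature database (db/dbx) in EFI_SIGNATURE_LIST format.

Constructed sample data only; no real revocation hashes from any Microsoft
bulletin are embedded.  On Linux, /sys/firmware/efi/efivars/dbx-<guid>
(root only) carries a 4-byte attribute prefix before the first list.
"""
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def parse_signature_lists(blob: bytes):
    """Return (signature_type, owner_guid, data) for every entry in the blob."""
    entries = []
    off = 0
    while off + 28 <= len(blob):
        # EFI_SIGNATURE_LIST header: GUID, list size, header size, entry size.
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or sig_size <= 16 or off + list_size > len(blob):
            raise ValueError("truncated or malformed EFI_SIGNATURE_LIST")
        pos = off + 28 + hdr_size
        end = off + list_size
        while pos + sig_size <= end:
            # Each EFI_SIGNATURE_DATA entry: owner GUID followed by the payload.
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, blob[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries

def is_hash_revoked(dbx_blob: bytes, pe_sha256_hex: str) -> bool:
    """True if the given PE (Authenticode) SHA-256 hash appears in dbx."""
    target = bytes.fromhex(pe_sha256_hex)
    return any(t == EFI_CERT_SHA256_GUID and d == target
               for t, _, d in parse_signature_lists(dbx_blob))

def build_sha256_list(hashes, owner=uuid.UUID(int=0)) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used for the sample)."""
    sig_size = 16 + 32
    body = b"".join(owner.bytes_le + h for h in hashes)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack(
        "<III", 28 + len(body), 0, sig_size)
    return header + body

# Constructed sample: a dbx holding two made-up revoked binary hashes.
SAMPLE_DBX = build_sha256_list([bytes([0x11]) * 32, bytes([0x22]) * 32])
```

X.509 entries (EFI_CERT_X509_GUID) revoke every binary signed by that certificate rather than one hash, so a complete check also compares the signer chain of the binary against those entries.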