Re: the ghost of UEFI and Micr0$0ft

To: debian-user@lists.debian.org
Subject: Re: the ghost of UEFI and Micr0$0ft
From: Miles Bader <miles@gnu.org>
Date: Fri, 08 Jun 2012 13:05:33 +0900
Message-id: <[🔎] 877gvisb1u.fsf@catnip.gol.com>
References: <[🔎] CAO4+coYHYAghvJ=DtQXzSyLRX7KkRDWEy6p4ktZtoZR=Nf4mUg@mail.gmail.com> <[🔎] 1338883289.3371.6.camel@precise> <[🔎] 4FCE2D01.1090906@optonline.net> <[🔎] 20120605182626.7f21d335@ares.home.chubig.net> <[🔎] 4FCE3B09.50104@optonline.net> <[🔎] 20120605191855.3d0611ad@ares.home.chubig.net> <[🔎] 20120605180127.GJ6442@n0nb.us> <[🔎] CAOEVnYss7mXb_jNzh+nYyGAQAXsthdziwP18_+Q8F_jiSYu_Gw@mail.gmail.com> <[🔎] 87sje9ulsb.fsf@catnip.gol.com> <[🔎] 4FCEE02E.30007@gmail.com> <[🔎] 878vfzty92.fsf@catnip.gol.com> <[🔎] CAOEVnYtS_aVJVS-2bkAkA5aACBLnaT4Cp0M_Ax9Y3C2JNmnyfQ@mail.gmail.com>

"Christofer C. Bell" <christofer.c.bell@gmail.com> writes:
>> Would that mean anybody who wants to build their own kernel would need
>> to buy a signing key?
>
> Not at all.  You can generate your own key and load it into your UEFI.
>  It's no different a situation than using self-signed ssl certs
> without buying one from a certificate authority.  There's no need to
> pay any money to anyone to use the secure boot feature.  Is it a
> hassle?  Sure, but you're not beholden to any 3rd party regardless.

Er, wait, doesn't that mean a malware author could do the same thing?

Or is entering a new key a "manual" process ("type in the 50 hex digit
key")?

Can there be multiple keys (I vaguely recall the article saying there
could only be one key [at MS's insistence]...but not sure if I really
understood what it was saying)?

Thanks,

-miles

-- 
We have met the enemy, and he is us.  -- Pogo

Reply to:

Follow-Ups:
- Re: the ghost of UEFI and Micr0$0ft
  - From: Claudius Hubig <debian_1206@chubig.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: "Christofer C. Bell" <christofer.c.bell@gmail.com>

References:
- the ghost of UEFI and Micr0$0ft
  - From: Harshad Joshi <firewalrus@gmail.com>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Doug <dmcgarrett@optonline.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Claudius Hubig <debian_1206@chubig.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Doug <dmcgarrett@optonline.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Claudius Hubig <debian_1206@chubig.net>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Nate Bargmann <n0nb@n0nb.us>
- Re: the ghost of UEFI and Micr0$0ft
  - From: "Christofer C. Bell" <christofer.c.bell@gmail.com>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Miles Bader <miles@gnu.org>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: the ghost of UEFI and Micr0$0ft
  - From: Miles Bader <miles@gnu.org>
- Re: the ghost of UEFI and Micr0$0ft
  - From: "Christofer C. Bell" <christofer.c.bell@gmail.com>

Prev by Date: Re: the ghost of UEFI and Micr0$0ft
Next by Date: Re: Turn Off Screen Saver
Previous by thread: Re: the ghost of UEFI and Micr0$0ft
Next by thread: Re: the ghost of UEFI and Micr0$0ft
Index(es):
- Date
- Thread