Re: EFI SecureBoot and Trusted Computing in Debian
* Marty:
> What I call "the manifesto" [1] claims that UEFI SecureBoot is needed
> in a "post Snowden World."
I don't think it's true. Apple and some Android devices are already
locked down very tightly, and it is not clear that this has helped to
protect users' privacy and prevent access to stored information
without their authorization.
Independent of that, we previously discussed the Microsoft Secure Boot
policy change/clarification:
<https://lists.debian.org/debian-project/2014/01/msg00042.html>
The referenced policy keeps changing (the article has been revised a
couple of times since publication). The current iteration
approximately matches which was discussed in the thread on
debian-project. (An older version required use of an EV-compliant code
signing CA for the embedded CA certificates, which means FIPS 140-2
Level *3*, which is really expensive to implement.)
There is also the larger policy question if we want platform lockdown
through a cryptographically verified boot process, and
cryptographically secured userspace, including remote attestation
capabilities. Mozilla has announced that they plan to add DRM support
to Firefox:
<https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/>
Coupled with remote attestation, this could enable web site operators
to restrict access to client devices which use vendor keys and run
authorized Firefox binaries only. In this possible outcome, the
ability of device owners to enroll their own keys would be
increasingly meaningless because once you do that, you'd lose access
to lots of online content (probably even your Gmail inbox—because an
unauthorized browser could have automation to accelerate sending
spam).
Reply to: