On 01/22/2016 04:25 PM, John R Pierce wrote:
I do think the whole secureboot thing is a bad idea on a general
purpose computer system, seems like an attempt at creating product
lock in and turning the x86 PC into an appliance, which it really isn't.
mokutil is designed to address that concern
On 1/22/2016 3:42 PM, Gordon Messmer wrote:
On 01/22/2016 02:38 PM, John R Pierce wrote:
for that matter, what about a VM running on a service like Amazon AWS
(or pick your virtual server environment) ?AWS provides a remote
console, doesn't it?
AWS doesn't offer UEFI Secure Boot, so I'm
On 01/22/2016 02:38 PM, John R Pierce wrote:
for that matter, what about a VM running on a service like Amazon AWS
(or pick your virtual server environment) ?AWS provides a remote
console, doesn't it?
AWS doesn't offer UEFI Secure Boot, so I'm not sure how that's relevant.
It seems like
On 1/22/2016 2:24 PM, Gordon Messmer wrote:
On 01/22/2016 01:56 PM, John R Pierce wrote:
Sure, if someone has penetrated my IPMI and/or virtualization
management, I'm already in a world of hurt
Exactly. IPMI should be on a dedicated VLAN with a bastion host. No
other systems should have acce
On Thu, Jan 21, 2016, 10:48 PM wk <304702...@qq.com> wrote:
> Hi,
>
>CentOS7.1, Dell PowerEdge R730xd.
>
>How to check/get UEFI information by shell/bash terminal ? example:if
> UEFI is enabled? if secure boot is enabled?
>
You should find an early kernel message that secure boot is en
On 01/22/2016 01:56 PM, John R Pierce wrote:
Sure, if someone has penetrated my IPMI and/or virtualization
management, I'm already in a world of hurt
Exactly. IPMI should be on a dedicated VLAN with a bastion host. No
other systems should have access to it at all. The servers, especially,
s
On 1/22/2016 1:23 PM, Gordon Messmer wrote:
On 01/22/2016 11:11 AM, John R Pierce wrote:
if you can insert a custom Machine Owner Key into this keyring, then
anyone with sufficient ingenuity can, too. which renders the whole
signature thing moot, other than as another step to be cracked.
On 01/22/2016 11:11 AM, John R Pierce wrote:
if you can insert a custom Machine Owner Key into this keyring, then
anyone with sufficient ingenuity can, too. which renders the whole
signature thing moot, other than as another step to be cracked.
I'm not sure you understand mokutil. You do
On 1/22/2016 11:00 AM, Eero Volotinen wrote:
It works on linux, it can't be secure?
if you can insert a custom Machine Owner Key into this keyring, then
anyone with sufficient ingenuity can, too. which renders the whole
signature thing moot, other than as another step to be cracked.
--
It works on linux, it can't be secure?
:)
Eero
22.1.2016 8.54 ip. "John R Pierce" kirjoitti:
> On 1/22/2016 7:04 AM, Gordon Messmer wrote:
>
>> On 01/21/2016 11:33 PM, wk wrote:
>>
>>> How can I sign my test.ko for CentOS7.1?
>>>
>>
>>
>> https://access.redhat.com/documentation/en-US/Red_
On 1/22/2016 7:04 AM, Gordon Messmer wrote:
On 01/21/2016 11:33 PM, wk wrote:
How can I sign my test.ko for CentOS7.1?
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html
what a pile
On 01/21/2016 11:33 PM, wk wrote:
How can I sign my test.ko for CentOS7.1?
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html
___
CentOS mail
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ.
Well, you cannot sign it as you don't have access to signing key? It might
be possible to add keys to secure boot, I am not sure.
Looks like only way to get unsigned modules to work is just disable secure
boot..
Eero
pe 22. tammikuuta 2016 klo 12.40 wk <304702...@qq.com> kirjoitti:
> Hi,volotin
Hi,volotinen:
as it mentioned in your web link:
"Your on the right track your module need to be signed", my question how
to sign test_file_system.ko?
thanks,
w.k.
-- --
??: "eero.volotinen";;
: 2016??1??22??(??)
15 matches
Mail list logo
