On Sun, Jun 17, 2012 at 8:03 PM, Greg KH wrote:
> Huh? No, why would a user need to resign the UEFI drivers? Those
> "live" in the BIOS and are only used to get the machine up and running
> in UEFI space, before UEFI hands the control off to the bootloader it
> has verified is signed with a corr
On Sat, Jun 16, 2012 at 12:22:24PM +0300, Maxim Kammerer wrote:
> On Fri, Jun 15, 2012 at 3:01 PM, Rich Freeman wrote:
> > I think that anybody that really cares about security should be
> > running in custom mode anyway, and should just re-sign anything they
> > want to run. Custom mode lets you
On Thu, Jun 14, 2012 at 11:28 PM, Greg KH wrote:
>
> So, anyone been thinking about this? I have, and it's not pretty.
>
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
>
> Minor details like, "do we have a 'company'
On Fri, Jun 15, 2012 at 3:01 PM, Rich Freeman wrote:
> I think that anybody that really cares about security should be
> running in custom mode anyway, and should just re-sign anything they
> want to run. Custom mode lets you clear every single key in the
> system from the vendor on down, and giv
On 16.06.2012 01:59, Greg KH wrote:
> On Fri, Jun 15, 2012 at 09:49:01AM +0200, Florian Philipp wrote:
>> On 15.06.2012 09:26, Michał Górny wrote:
>>> On Thu, 14 Jun 2012 21:56:04 -0700 Greg KH wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> On 15 June 2012 09:
On Fri, 15 Jun 2012 16:56:52 -0700
Greg KH wrote:
> On Fri, Jun 15, 2012 at 06:57:06AM +0200, Chí-Thanh Christopher
> Nguyễn wrote:
> > If you have influence on UEFI secure boot spec, you could suggest
> > that they mandate a UI which lists all boot images known to the EFI
> > boot manager, and t
On Fri, Jun 15, 2012 at 08:41:47PM -0400, Rich Freeman wrote:
> On Fri, Jun 15, 2012 at 7:55 PM, Greg KH wrote:
> > On Fri, Jun 15, 2012 at 06:14:12AM -0400, Rich Freeman wrote:
> > The whole chain-of-trust is an interesting issue as the UEFI spec does
> > not require it at all, and some people on
120615 Greg KH wrote:
> On Fri, Jun 15, 2012 at 01:48:05AM -0400, Philip Webb wrote:
>> Does this affect those of us who build our own machines ?
> Yes, it will be on your new motherboard in a matter of months.
I am going to build a new machine some time in the next 12 mth,
but it looks as if al
On Fri, Jun 15, 2012 at 7:55 PM, Greg KH wrote:
> On Fri, Jun 15, 2012 at 06:14:12AM -0400, Rich Freeman wrote:
> The whole chain-of-trust is an interesting issue as the UEFI spec does
> not require it at all, and some people on the UEFI committee have told
> me that it is not required either. Bu
On Fri, Jun 15, 2012 at 09:26:07AM +0200, Michał Górny wrote:
> On Thu, 14 Jun 2012 21:56:04 -0700
> Greg KH wrote:
>
> > On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> > > On 15 June 2012 09:58, Greg KH wrote:
> > > > So, anyone been thinking about this? I have, and it's not
On Fri, Jun 15, 2012 at 01:03:24PM +0800, Ben de Groot wrote:
> On 15 June 2012 12:45, Arun Raghavan wrote:
> > On 15 June 2012 09:58, Greg KH wrote:
> >> So, anyone been thinking about this? I have, and it's not pretty.
> >>
> >> Minor details like, "do we have a 'company' that can pay Microsof
On Fri, Jun 15, 2012 at 01:48:05AM -0400, Philip Webb wrote:
> 120614 Greg KH wrote:
> > So, anyone been thinking about this? I have, and it's not pretty.
> > Should I worry about this and how it affects Gentoo
> > or not worry about Gentoo right now and just focus on the other issues?
> > Minor d
On Fri, Jun 15, 2012 at 04:35:28PM -0500, Matthew Thode wrote:
> One of these days I'd like to pick your brain about some hardened UEFI
> interactions I've seen (with pipacs watching).
Sure, be glad to talk about this anytime.
On Fri, Jun 15, 2012 at 09:49:01AM +0200, Florian Philipp wrote:
> On 15.06.2012 09:26, Michał Górny wrote:
> > On Thu, 14 Jun 2012 21:56:04 -0700 Greg KH wrote:
> >> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> >>> On 15 June 2012 09:58, Greg KH wrote:
> So, anyone bee
On Fri, Jun 15, 2012 at 06:57:06AM +0200, Chí-Thanh Christopher Nguyễn wrote:
> If you have influence on UEFI secure boot spec, you could suggest that
> they mandate a UI which lists all boot images known to the EFI boot
> manager, and the user can easily whitelist both individual loaders and
> the
On Fri, Jun 15, 2012 at 06:14:12AM -0400, Rich Freeman wrote:
> On Fri, Jun 15, 2012 at 12:28 AM, Greg KH wrote:
> > Should I worry about this and how it affects Gentoo, or not worry about
> > Gentoo right now and just focus on the other issues?
> >
> > Minor details like, "do we have a 'company'
On 06/14/2012 11:45 PM, Greg KH wrote:
> On Thu, Jun 14, 2012 at 09:28:10PM -0700, Greg KH wrote:
>> So, anyone been thinking about this? I have, and it's not pretty.
>>
>> Should I worry about this and how it affects Gentoo, or not worry about
>> Gentoo right now and just focus on the other issue
On 06/15/2012 12:24 AM, Arun Raghavan wrote:
> On 15 June 2012 10:26, Greg KH wrote:
>> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
>>> On 15 June 2012 09:58, Greg KH wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about t
On 06/15/2012 06:14 AM, Rich Freeman wrote:
8. I think the bigger issue is with ARM, and I'm not personally clear
on what the exact policy is there. That really strikes me as
antitrust, but MS might argue that on ARM they have no monopoly
(instead we have a bunch of different vendors who almost
On 15.06.2012 14:01, Rich Freeman wrote:
> On Fri, Jun 15, 2012 at 7:32 AM, Walter Dnes wrote:
>> Question... how would "blacklisting" work on linux machines? Let's
>> say Joe Blow gets a signing key and then passes it around. I can see
>> that if you want to build an executable (*.exe) to ru
On Fri, Jun 15, 2012 at 8:22 AM, Luca Barbato wrote:
> If we want to try to get serious on 5, we could try to gather the
> hardened/security people across distributions and setup the whole chain
> to be parallel and cut deals with OEM to store this trust-chain keys
> along with MS.
Perhaps. Sinc
On Fri, Jun 15, 2012 at 8:18 AM, Luca Barbato wrote:
> On 06/15/2012 06:57 AM, Chí-Thanh Christopher Nguyễn wrote:
>> If you have influence on UEFI secure boot spec, you could suggest that
>> they mandate a UI which lists all boot images known to the EFI boot
>> manager, and the user can easily wh
On 06/15/2012 12:14 PM, Rich Freeman wrote:
> 5. If somebody (perhaps under the umbrella of hardened) wanted to
> create a Gentoo project around a fully trusted Gentoo I'd be
> completely supportive of that. It would take work. In the spirit of
> Gentoo we should allow anybody to build their own
On 06/15/2012 06:57 AM, Chí-Thanh Christopher Nguyễn wrote:
> Greg KH wrote:
>> So, anyone been thinking about this? I have, and it's not pretty.
>>
>> Should I worry about this and how it affects Gentoo, or not worry about
>> Gentoo right now and just focus on the other issues?
>>
>> Minor deta
On Fri, Jun 15, 2012 at 7:32 AM, Walter Dnes wrote:
> Question... how would "blacklisting" work on linux machines? Let's
> say Joe Blow gets a signing key and then passes it around. I can see
> that if you want to build an executable (*.exe) to run under Windows,
> you'll run into problems if t
On Fri, Jun 15, 2012 at 10:37:02AM +0200, Florian Philipp wrote
> Besides, it wouldn't work long. They can blacklist keys.
Question... how would "blacklisting" work on linux machines? Let's
say Joe Blow gets a signing key and then passes it around. I can see
that if you want to build an execu
On 15.06.2012 12:14, Rich Freeman wrote:
[...]
+1 for your assessment so far.
>
> I'd be personally interested in pointers to info on what the "powers
> that be" do and don't allow with UEFI. I've seen lots of
> sky-is-falling blog entries and discussion but little in the way of
> specs, and
On 15 June 2012 15:58, Richard Farina wrote:
> On 06/15/2012 03:12 AM, Ben de Groot wrote:
>> On 15 June 2012 13:24, Arun Raghavan wrote:
>>> On 15 June 2012 10:33, Ben de Groot wrote:
On 15 June 2012 12:45, Arun Raghavan wrote:
> On 15 June 2012 09:58, Greg KH wrote:
>> So, anyon
On Fri, Jun 15, 2012 at 12:28 AM, Greg KH wrote:
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
>
> Minor details like, "do we have a 'company' that can pay Microsoft to
> sign our bootloader?" is one aspect from the
On 15.06.2012 09:58, Richard Farina wrote:
> On 06/15/2012 03:12 AM, Ben de Groot wrote:
>> On 15 June 2012 13:24, Arun Raghavan wrote:
>>> On 15 June 2012 10:33, Ben de Groot wrote:
On 15 June 2012 12:45, Arun Raghavan wrote:
> On 15 June 2012 09:58, Greg KH wrote:
>> So, anyone
On 15.06.2012 10:06, Richard Farina wrote:
> On 06/15/2012 03:49 AM, Florian Philipp wrote:
>> On 15.06.2012 09:26, Michał Górny wrote:
>>> On Thu, 14 Jun 2012 21:56:04 -0700
>>> Greg KH wrote:
>>>
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> On 15 June 2012 09:58,
On 06/15/2012 03:49 AM, Florian Philipp wrote:
> On 15.06.2012 09:26, Michał Górny wrote:
>> On Thu, 14 Jun 2012 21:56:04 -0700
>> Greg KH wrote:
>>
>>> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58, Greg
On 06/15/2012 03:12 AM, Ben de Groot wrote:
> On 15 June 2012 13:24, Arun Raghavan wrote:
>> On 15 June 2012 10:33, Ben de Groot wrote:
>>> On 15 June 2012 12:45, Arun Raghavan wrote:
On 15 June 2012 09:58, Greg KH wrote:
> So, anyone been thinking about this? I have, and it's not pre
On 15.06.2012 09:26, Michał Górny wrote:
> On Thu, 14 Jun 2012 21:56:04 -0700
> Greg KH wrote:
>
>> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
>>> On 15 June 2012 09:58, Greg KH wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should
On Thu, 14 Jun 2012 21:56:04 -0700
Greg KH wrote:
> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> > On 15 June 2012 09:58, Greg KH wrote:
> > > So, anyone been thinking about this? I have, and it's not pretty.
> > >
> > > Should I worry about this and how it affects Gentoo, o
On 15 June 2012 13:24, Arun Raghavan wrote:
> On 15 June 2012 10:33, Ben de Groot wrote:
>> On 15 June 2012 12:45, Arun Raghavan wrote:
>>> On 15 June 2012 09:58, Greg KH wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Minor details like, "do we have a '
On 2012-06-15 7:56 AM, Greg KH wrote:
> Distributing a first-stage bootloader blob, that is signed by Microsoft,
> or someone, seems to be the only way to easily handle this.
Fedora agrees:
http://mjg59.dreamwidth.org/12368.html
Other distros haven't decided yet afaik although there have been som
120614 Greg KH wrote:
> So, anyone been thinking about this? I have, and it's not pretty.
> Should I worry about this and how it affects Gentoo
> or not worry about Gentoo right now and just focus on the other issues?
> Minor details like, "do we have a 'company' that can pay Microsoft
> to sign o
On 15 June 2012 10:33, Ben de Groot wrote:
> On 15 June 2012 12:45, Arun Raghavan wrote:
>> On 15 June 2012 09:58, Greg KH wrote:
>>> So, anyone been thinking about this? I have, and it's not pretty.
>>>
>>> Minor details like, "do we have a 'company' that can pay Microsoft to
>>> sign our boot
On 15 June 2012 10:26, Greg KH wrote:
> On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
>> On 15 June 2012 09:58, Greg KH wrote:
>> > So, anyone been thinking about this? I have, and it's not pretty.
>> >
>> > Should I worry about this and how it affects Gentoo, or not worry about
On Fri, Jun 15, 2012 at 1:03 AM, Ben de Groot wrote:
> On 15 June 2012 12:45, Arun Raghavan wrote:
> > On 15 June 2012 09:58, Greg KH wrote:
> >> So, anyone been thinking about this? I have, and it's not pretty.
> >>
> >> Minor details like, "do we have a 'company' that can pay Microsoft to
>
On 15 June 2012 12:45, Arun Raghavan wrote:
> On 15 June 2012 09:58, Greg KH wrote:
>> So, anyone been thinking about this? I have, and it's not pretty.
>>
>> Minor details like, "do we have a 'company' that can pay Microsoft to
>> sign our bootloader?" is one aspect from the non-technical side
Greg KH wrote:
> So, anyone been thinking about this? I have, and it's not pretty.
>
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
>
> Minor details like, "do we have a 'company' that can pay Microsoft to
> sign
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
> On 15 June 2012 09:58, Greg KH wrote:
> > So, anyone been thinking about this? I have, and it's not pretty.
> >
> > Should I worry about this and how it affects Gentoo, or not worry about
> > Gentoo right now and just focus on the o
On Thu, Jun 14, 2012 at 09:28:10PM -0700, Greg KH wrote:
> So, anyone been thinking about this? I have, and it's not pretty.
>
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
>
> Minor details like, "do we have a 'c
On 15 June 2012 09:58, Greg KH wrote:
> So, anyone been thinking about this? I have, and it's not pretty.
>
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
I think it at least makes sense to talk about it, and work
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus on the other issues?
Minor details like, "do we have a 'company' that can pay Microsoft to
sign our bootloader?" is one aspect
47 matches