On Friday, July 10, 2020 5:05:51 AM MST Nicolas Mailhot via devel wrote:
> On Friday, 10 July 2020 at 07:51 -0400, Solomon Peachy wrote:
>
> > On Fri, Jul 10, 2020 at 01:37:14PM +0200, Nicolas Mailhot via devel
> > wrote:
> >
> > > If you remove end users from the loop there is zero zip nada need
> > > for secure boot in the first place. The sole function of secure
> > > boot and DRPM is to prevent end users, present in the update loop,
> > > from doing things the manufacturer disagrees with.
> >
> > s/manufacturer/device owner/
>
> Nope, manufacturer. There are hundreds of other simpler ways to protect
> device owner side (physical locks on racks, 2FA auth via a physical
> button on the device or an sms code, etc).
>
> The average device is not sold with locks in the supermarket. The home
> or office or building or rack door is considered sufficient
> protection.
>
> Evil maid does exist, but applying evil maid generally would require
> putting locks on everything you buy, from the drawers where you may
> store sensitive documents someday, to the fridge where the evil maid
> may serve herself on your precious lager.
>
> The threat scenario has been massively overhyped to justify giving keys
> to the manufacturers.

Please note that SMS two factor has been known to be insecure since 2005, and NIST has recommended against it for just as long. (Before a bit of nonsense in 2016-2017, which I think has been corrected?)

-- 
John M. Harris, Jr.