-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Stone wrote:
| It's completely unsafe to use the new USB customization keys to execute
| software located on-key or on-NAND because any opportunity for arbitrary code
| execution as uid 0 represents a serious threat to our first-boot activation
| security.
|
| Since we appear to want to be able to customize images with new RPMs, this
| leaves us in a somewhat sticky situation. The following patch represents one
| approach to resolving the difficulty - that of postponing the running of any
| commands until after the activation initramfs yields control to late userland.
It is difficult to comment on this without more detail on "USB customization keys". My understanding was that such customization would be done once at the level of whole countries, that it would be restricted to /home, and that the "key" in question was a cryptographic signing key, so that customizers (at the ministry of education) could create trusted images that the firmware or journal would install automatically. Thus, I am not sure what a USB customization key is.

Countries that want to make invasive modifications to the operating system should be allowed to do whatever they want, but allowing users to add arbitrary RPMs without a developer key is a distinctly terrible idea. I cannot tell which you are proposing here. Your patch does not suggest that the set of RPMs is signed. Is there a signature validation happening somewhere?

- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH0VMMUJT6e6HFtqQRAvPJAJ9DQZoRGeoux2p2jLppPOku/QPBfACfcHgY
UePE4MqAOjpzj5Ykr4I8uIM=
=S8uD
-----END PGP SIGNATURE-----
_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
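The check Ben asks about ("Is there a signature validation happening somewhere?"), shown as an added example that is not OLPC's code, not the patch under discussion, and not a description of how OLPC's developer keys actually worked. It assumes a customizer holds an Ed25519 developer key (a stand-in for whatever key scheme OLPC used) and signs a manifest listing each RPM with its SHA-256; the laptop verifies the manifest signature and every package hash before anything from the USB key is allowed to run as uid 0. The package names and payloads are constructed, not real RPMs. It goes beyond the thread by also showing the three failure modes a verifier must refuse: a package altered after signing, a package not listed in the manifest, and a manifest signed by the wrong key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// buildManifest lists each package with the SHA-256 of its contents, one
// "name sha256hex" line per package, sorted so the signed bytes are canonical.
func buildManifest(pkgs map[string][]byte) []byte {
	names := make([]string, 0, len(pkgs))
	for n := range pkgs {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(pkgs[n])
		fmt.Fprintf(&b, "%s %s\n", n, hex.EncodeToString(sum[:]))
	}
	return []byte(b.String())
}

// signManifest is what the customizer holding the developer key runs.
func signManifest(priv ed25519.PrivateKey, manifest []byte) []byte {
	return ed25519.Sign(priv, manifest)
}

// verifyCustomization is the check the laptop runs before installing anything
// as root: the manifest must verify under the trusted developer key, every
// package on the USB key must match its signed hash, and any package missing
// from the manifest is refused. It returns the approved package names.
func verifyCustomization(pub ed25519.PublicKey, manifest, sig []byte, pkgs map[string][]byte) ([]string, error) {
	if !ed25519.Verify(pub, manifest, sig) {
		return nil, errors.New("manifest signature invalid: refusing to install")
	}
	expected := map[string]string{}
	for _, line := range strings.Split(strings.TrimSpace(string(manifest)), "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			return nil, fmt.Errorf("malformed manifest line %q", line)
		}
		expected[f[0]] = f[1]
	}
	approved := []string{}
	for name, data := range pkgs {
		want, ok := expected[name]
		if !ok {
			return nil, fmt.Errorf("package %s is not in the signed manifest", name)
		}
		sum := sha256.Sum256(data)
		if hex.EncodeToString(sum[:]) != want {
			return nil, fmt.Errorf("package %s does not match its signed hash", name)
		}
		approved = append(approved, name)
	}
	sort.Strings(approved)
	return approved, nil
}

// Demo runs the honest case and three attacks, returning the honest approval
// list and whether each attack was refused.
func Demo() (approved []string, tamperRefused, extraRefused, wrongKeyRefused bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-ins for RPM payloads (not real packages).
	pkgs := map[string][]byte{
		"olpc-locale-es.rpm": []byte("constructed rpm payload 1"),
		"school-reader.rpm":  []byte("constructed rpm payload 2"),
	}
	manifest := buildManifest(pkgs)
	sig := signManifest(priv, manifest)

	approved, err = verifyCustomization(pub, manifest, sig, pkgs)
	if err != nil {
		panic(err)
	}
	// Attack 1: a package is swapped after the manifest was signed.
	tampered := map[string][]byte{
		"olpc-locale-es.rpm": []byte("replaced after signing"),
		"school-reader.rpm":  pkgs["school-reader.rpm"],
	}
	_, err = verifyCustomization(pub, manifest, sig, tampered)
	tamperRefused = err != nil
	// Attack 2: an extra, unlisted package is dropped onto the USB key.
	extra := map[string][]byte{
		"olpc-locale-es.rpm": pkgs["olpc-locale-es.rpm"],
		"school-reader.rpm":  pkgs["school-reader.rpm"],
		"unlisted.rpm":       []byte("not in manifest"),
	}
	_, err = verifyCustomization(pub, manifest, sig, extra)
	extraRefused = err != nil
	// Attack 3: a manifest signed by a key the laptop does not trust.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, err = verifyCustomization(pub, manifest, signManifest(otherPriv, manifest), pkgs)
	wrongKeyRefused = err != nil
	return
}

func main() {
	approved, t, e, w := Demo()
	fmt.Println("approved:", approved, "tamper refused:", t, "extra refused:", e, "wrong key refused:", w)
}
```

The point of signing a manifest rather than the RPMs individually is that the customizer also commits to the set: a signed package from one country's image cannot be added to another's, and a package left off the manifest is refused no matter who built it. The signature is checked before any hash comparison, so an unsigned or wrongly signed USB key never reaches the point where its contents influence what runs as uid 0.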