Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Rainer Weikusat
Didier Kryn writes: > Le 04/03/2016 12:42, Arnt Gulbrandsen a écrit : >> Didier Kryn writes: >>> Insert a Knoppix Cdrom, mount your home and read it. If UEFI >>> refuses to boot the Knoppix disk, use the Debian installer. >> >> Mounting the home (using either knoppix or d-i)

Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Simon Hobson
Arnt Gulbrandsen wrote: > Simon Hobson writes: >> Not really, but I don't see any sign of that as a question in the post I was >> replying to ! > > You said secure boot's security is blown out of the water because it's > possible to run untrusted code under certain

Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Dr. Nikolaus Klepp
Am Freitag, 4. März 2016 schrieb Arnt Gulbrandsen: > Dr. Nikolaus Klepp writes: > > Am Freitag, 4. März 2016 schrieb Arnt Gulbrandsen: > >> You said secure boot's security is blown out of the water because it's > >> possible to run untrusted code under certain circumstances. IMHO it > >>

Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Didier Kryn
Le 04/03/2016 12:42, Arnt Gulbrandsen a écrit : Didier Kryn writes: Insert a Knoppix Cdrom, mount your home and read it. If UEFI refuses to boot the Knoppix disk, use the Debian installer. Mounting the home (using either knoppix or d-i) requires the luks passphrase. You could get that

Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Arnt Gulbrandsen
Dr. Nikolaus Klepp writes: Am Freitag, 4. März 2016 schrieb Arnt Gulbrandsen: You said secure boot's security is blown out of the water because it's possible to run untrusted code under certain circumstances. IMHO it provides useful security because (absent mistakes by the owner) there are

Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Dr. Nikolaus Klepp
Am Freitag, 4. März 2016 schrieb Arnt Gulbrandsen: > Simon Hobson writes: > > Not really, but I don't see any sign of that as a question in > > the post I was replying to ! > > You said secure boot's security is blown out of the water because it's > possible to run untrusted code under certain

Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Arnt Gulbrandsen
Simon Hobson writes: Not really, but I don't see any sign of that as a question in the post I was replying to ! You said secure boot's security is blown out of the water because it's possible to run untrusted code under certain circumstances. IMHO it provides useful security because (absent

Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Simon Hobson
Arnt Gulbrandsen wrote: > Simon Hobson writes: >> Isn't it the bootloader that UEFI loads and runs, and as long as the >> bootloader (Grub) is signed, then UEFI should boot it and grub can boot >> anything you want. Kind of blasts the argument that secure boot is

Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Didier Kryn
Le 04/03/2016 12:10, Arnt Gulbrandsen a écrit : Simon Hobson writes: Isn't it the bootloader that UEFI loads and runs, and as long as the bootloader (Grub) is signed, then UEFI should boot it and grub can boot anything you want. Kind of blasts the argument that secure boot is either essential

Re: [DNG] UEFI Secure Boot workaround?

2016-03-04 Thread Arnt Gulbrandsen
Simon Hobson writes: Isn't it the bootloader that UEFI loads and runs, and as long as the bootloader (Grub) is signed, then UEFI should boot it and grub can boot anything you want. Kind of blasts the argument that secure boot is either essential or secure out of the water when you can sign

Re: [DNG] UEFI Secure Boot workaround?

2016-03-03 Thread Edward Bartolo
Ooops, sorry, I was of the impression I was using a forum. On 04/03/2016, Edward Bartolo wrote: > Hi, > > I think, with a signed Linux kernel, UEFI Secure Boot can be made to > load any other unsigned Linux kernel, which would imply, any > distribution would be possible to be