On Thursday, 26 October 2017, John Morris wrote:
> On Tue, 2017-10-24 at 09:01 +0200, marc wrote:
>
> > Secureboot is designed for them, not for you. You might come
> > up with a really exotic use case, where it might help you. But
> > if you look at it carefully enough, it relies on
On 10/23/2017 09:12 PM, zap wrote:
no blobs of any kind with regard to wifi especially!
Yes! and of course an open source firmware with fully open source
silicon init. (ex: TALOS 2, KCMA-D8, KGPE-D16, Novena and a few others
with the G505S being the most free modern laptop with IOMMU and no
On Mon, 2017-10-23 at 17:06 +0200, Didier Kryn wrote:
> I've read previously on this list that secureboot doesn't prevent
> booting from a usb key... Or did I misunderstand?
Correct, so long as the boot loader on the USB key is signed by a key
the system trusts. And you didn't disable
On Tue, 2017-10-24 at 09:01 +0200, marc wrote:
> Secureboot is designed for them, not for you. You might come
> up with a really exotic use case, where it might help you. But
> if you look at it carefully enough, it relies on secureboot
> redefining root to something weaker than what we want, and
Hello
> > If you are worried that somebody who has
> > compromised your OS remotely will hack your bootloader, then
> > reconsider their motives: They are already on a running host OS
> > as root and can look inside your encrypted disk volumes too -
> > you have lost already.
>
> Secureboot is
On 23/10/17 at 21:42, John Franklin wrote:
>
>> On Oct 23, 2017, at 2:37 PM, goli...@dyne.org wrote:
>>
>> On 2017-10-23 09:41, Steve Litt wrote:
>>> To get Windows 10 certification, you have to have Secure Boot but
>>> there's no requirement for an off switch.
>>> SteveT
>>
>> If that is
On 23.10.2017 11:50, Simon Hobson wrote:
[U]EFI in itself isn't all that bad - what some manufacturers do with it, and
the hash they make of it, is often bad.
It always had been bullshit. A good technical solution would be
OF + device tree.
Board vendors should just provide the board init
On 2017-10-23 20:12, zap wrote:
firetools is how you use your web browser/internet connecting
applications
your web browser is firefox based with the garbage disabled but still
regularly updated
fsmithred has a neat text interface for firejail at:
On 10/23/2017 04:18 PM, Edward Bartolo wrote:
> Quote: "secure operating system"
>
> Where can I get that? Linux does have vulnerabilities. Together with
> that, a kernel alone doesn't do much. Other packages are needed which
> add up more attack surface area.
>
> You do remember when kernel.org
> On Oct 23, 2017, at 6:44 PM, Rick Moen wrote:
>
> Quoting John Franklin (frank...@tux.org):
>
> Technically, a rootkit is not a threat but rather a minor after-the-fact
> sequel to a threat and successful attack. It does not embody an attack,
> itself. Rather, it's a
Quoting John Franklin (frank...@tux.org):
Technically, a rootkit is not a threat but rather a minor after-the-fact
sequel to a threat and successful attack. It does not embody an attack,
itself. Rather, it's a method of hiding from the legitimate
administrator the covert activity of an intruder
> On Oct 23, 2017, at 6:13 PM, Steve Litt wrote:
>
>
> And by the way, I had a Win8 box that wouldn't accept Linux, but
> luckily it was for one of my kids who wanted Windows.
>
Brand and model? Why wouldn’t it accept Linux?
jf
--
John Franklin
frank...@tux.org
> On Oct 23, 2017, at 5:34 PM, marc wrote:
>
>> kato...@freaknet.org writes:
>>> And what if you want to use your own unsigned bootloader? Why should
>>> you ask someone else the permission to boot your own machine? o_O
>>
>> Because I want to deny people with physical access
On Mon, 23 Oct 2017 15:42:00 -0400
John Franklin wrote:
> > On Oct 23, 2017, at 2:37 PM, goli...@dyne.org wrote:
> >
> > On 2017-10-23 09:41, Steve Litt wrote:
> >> To get Windows 10 certification, you have to have Secure Boot but
> >> there's no requirement for an off
> kato...@freaknet.org writes:
> >And what if you want to use your own unsigned bootloader? Why should
> >you ask someone else the permission to boot your own machine? o_O
>
> Because I want to deny people with physical access the ability to boot unsigned
> bootloaders.
>
> I am both the owner of
>> If that is true, it sounds like a class action law suit to me. Anyone want
>> to take it on?
> Can you identify any vendors where you can’t install Linux? If you can’t,
> this is just a bunch of FUD.
>
> jf
>
It sounds like something that windows 10 vendors would love to do. The
idea of
> On Oct 23, 2017, at 2:37 PM, goli...@dyne.org wrote:
>
> On 2017-10-23 09:41, Steve Litt wrote:
>> To get Windows 10 certification, you have to have Secure Boot but
>> there's no requirement for an off switch.
>> SteveT
>
> If that is true, it sounds like a class action law suit to me.
On 2017-10-23 09:41, Steve Litt wrote:
To get Windows 10 certification, you have to have Secure Boot but
there's no requirement for an off switch.
SteveT
If that is true, it sounds like a class action law suit to me. Anyone
want to take it on?
golinux
On Mon, Oct 23, 2017 at 10:41:29AM -0400, Steve Litt wrote:
> On Mon, 23 Oct 2017 10:50:54 +0100
> Simon Hobson wrote:
>
>
> > Two ways :
> > 1) You simply turn off secure boot and it'll boot your unsigned
> > binary. If your machine doesn't have that then it's a bug and
Didier Kryn writes:
I've read previously on this list that secureboot doesn't
prevent booting from a usb key... Or did I misunderstand?
People spread too much FUD.
Various people have asserted, without naming names, that some/most vendors
do not allow you to delete keys from the list of
On 23/10/2017 at 16:35, Arnt Gulbrandsen wrote:
Didier Kryn writes:
For me the things which need to be protected are
1) the data
2) the OS, to avoid backdoors
I can't see any need to protect a motherboard against booting
from a "foreign" disk.
To access the data: Boot
On 23/10/17 at 16:35, Arnt Gulbrandsen wrote:
> Didier Kryn writes:
>> For me the things which need to be protected are
>>
>> 1) the data
>> 2) the OS, to avoid backdoors
>>
>> I can't see any need to protect a motherboard against booting from
>> a "foreign" disk.
>
> To
On Mon, 23 Oct 2017 10:50:54 +0100
Simon Hobson wrote:
> Two ways :
> 1) You simply turn off secure boot and it'll boot your unsigned
> binary. If your machine doesn't have that then it's a bug and you
> should complain to the retailer - and return the machine (which by
taii...@gmx.com writes:
No you aren't.
Intel ME + "Secure" boot non-owner controlled firmware code
signing enforcement (probably hardware enforced via boot guard,
so one couldn't even spend the thousands to have it removed via
a coreboot platform port)
If you can't execute whatever you
Didier Kryn writes:
For me the things which need to be protected are
1) the data
2) the OS, to avoid backdoors
I can't see any need to protect a motherboard against
booting from a "foreign" disk.
To access the data: Boot from foreign media, modify or replace the usual
boot
On 23/10/2017 at 11:47, Arnt Gulbrandsen wrote:
Because I want to deny people with physical access the ability to boot
unsigned bootloaders.
I am both the owner of my hardware and the person who usually has
physical access. Requiring signed boot loaders is a way to transfer
rights from latter
kato...@freaknet.org writes:
Yes, but what about *adding* your own keys? This does not seem to be a
popular option, AFAIK.
Of course it isn't. Who has a reason to talk about it?
Microsoft doesn't talk much about that, because Microsoft wants most users
to use Windows Upgrade and get timely
On Mon, Oct 23, 2017 at 11:16:50AM +0100, Arnt Gulbrandsen wrote:
> kato...@freaknet.org writes:
> >I don't know much about signed bootloaders, and I will try to re-read
> >the thread to fully understand your statement.
>
> The short version: You can remove keys, so that only your own key is
kato...@freaknet.org writes:
I don't know much about signed bootloaders, and I will try to re-read
the thread to fully understand your statement.
The short version: You can remove keys, so that only your own key is valid
for booting. If you're then careful about that key, then later physical
On Mon, Oct 23, 2017 at 10:50:54AM +0100, Simon Hobson wrote:
> KatolaZ wrote:
>
> > And what if you want to use your own unsigned bootloader? Why should
> > you ask someone else the permission to boot your own machine? o_O
>
> Two ways :
> 1) You simply turn off secure
On 10/23/2017 05:47 AM, Arnt Gulbrandsen wrote:
kato...@freaknet.org writes:
And what if you want to use your own unsigned bootloader? Why should
you ask someone else the permission to boot your own machine? o_O
Because I want to deny people with physical access the ability to boot
unsigned
On Mon, Oct 23, 2017 at 10:47:31AM +0100, Arnt Gulbrandsen wrote:
> kato...@freaknet.org writes:
> >And what if you want to use your own unsigned bootloader? Why should
> >you ask someone else the permission to boot your own machine? o_O
>
> Because I want to deny people with physical access the
KatolaZ wrote:
> And what if you want to use your own unsigned bootloader? Why should
> you ask someone else the permission to boot your own machine? o_O
Two ways :
1) You simply turn off secure boot and it'll boot your unsigned binary. If your
machine doesn't have that
kato...@freaknet.org writes:
And what if you want to use your own unsigned bootloader? Why should
you ask someone else the permission to boot your own machine? o_O
Because I want to deny people with physical access the ability to boot
unsigned bootloaders.
I am both the owner of my hardware
On Mon, Oct 23, 2017 at 11:24:12AM +0200, Edward Bartolo wrote:
> Contrary to the main argumentative line of this thread, I found EFI
> far better than BIOS booting. The fact that a dedicated partition is
> used to hold the primary boot loaders, is a great advantage. With
> BIOS, the bootloader was
Contrary to the main argumentative line of this thread, I found EFI
far better than BIOS booting. The fact that a dedicated partition is
used to hold the primary boot loaders, is a great advantage. With
BIOS, the bootloader was placed in the first sector's initial 446 bytes
of data with the
+1
I perform a lot of GNU+Linux installs each month, and 99% of them are
absolutely wiping SecureBoot & UEFI.
On 22/10/17 at 19:06, Steve Litt wrote:
> Hi all,
>
> I basically said UEFI is junk and Secure Boot is an anti-small-distro
> monopolistic practice. These were, and continue to
> From: sl...@troubleshooters.com
> To: dng
>
> Hi all,
>
> I basically said UEFI is junk and Secure Boot is an anti-small-distro
> monopolistic practice. These were, and continue to be, my opinions, but
> they're just one man's opinion. I can see use cases where Secure Boot
>