On Sat, Jun 16, 2012 at 12:22:24PM +0300, Maxim Kammerer wrote:
On Fri, Jun 15, 2012 at 3:01 PM, Rich Freeman ri...@gentoo.org wrote:
I think that anybody that really cares about security should be
running in custom mode anyway, and should just re-sign anything they
want to run. Custom
On Sun, Jun 17, 2012 at 8:03 PM, Greg KH gre...@gentoo.org wrote:
Huh? No, why would a user need to resign the UEFI drivers? Those
live in the BIOS and are only used to get the machine up and running
in UEFI space, before UEFI hands the control off to the bootloader it
has verified is signed
On Fri, 15 Jun 2012 16:56:52 -0700
Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 06:57:06AM +0200, Chí-Thanh Christopher
Nguyễn wrote:
If you have influence on UEFI secure boot spec, you could suggest
that they mandate a UI which lists all boot images known to the EFI
boot
Am 16.06.2012 01:59, schrieb Greg KH:
On Fri, Jun 15, 2012 at 09:49:01AM +0200, Florian Philipp wrote:
Am 15.06.2012 09:26, schrieb Michał Górny:
On Thu, 14 Jun 2012 21:56:04 -0700 Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012
On Fri, Jun 15, 2012 at 3:01 PM, Rich Freeman ri...@gentoo.org wrote:
I think that anybody that really cares about security should be
running in custom mode anyway, and should just re-sign anything they
want to run. Custom mode lets you clear every single key in the
system from the vendor on
On Thu, Jun 14, 2012 at 11:28 PM, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus on the other issues?
Minor details like, do we have a
On 15 June 2012 13:24, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 10:33, Ben de Groot yng...@gentoo.org wrote:
On 15 June 2012 12:45, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I
On Thu, 14 Jun 2012 21:56:04 -0700
Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and
Am 15.06.2012 09:26, schrieb Michał Górny:
On Thu, 14 Jun 2012 21:56:04 -0700
Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not
On 06/15/2012 03:12 AM, Ben de Groot wrote:
On 15 June 2012 13:24, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 10:33, Ben de Groot yng...@gentoo.org wrote:
On 15 June 2012 12:45, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/15/2012 03:49 AM, Florian Philipp wrote:
Am 15.06.2012 09:26, schrieb Michał Górny:
On Thu, 14 Jun 2012 21:56:04 -0700
Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58,
Am 15.06.2012 10:06, schrieb Richard Farina:
On 06/15/2012 03:49 AM, Florian Philipp wrote:
Am 15.06.2012 09:26, schrieb Michał Górny:
On Thu, 14 Jun 2012 21:56:04 -0700
Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58,
Am 15.06.2012 09:58, schrieb Richard Farina:
On 06/15/2012 03:12 AM, Ben de Groot wrote:
On 15 June 2012 13:24, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 10:33, Ben de Groot yng...@gentoo.org wrote:
On 15 June 2012 12:45, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15
On Fri, Jun 15, 2012 at 12:28 AM, Greg KH gre...@gentoo.org wrote:
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus on the other issues?
Minor details like, do we have a 'company' that can pay Microsoft to
sign our bootloader? is one
On 15 June 2012 15:58, Richard Farina sidh...@gmail.com wrote:
On 06/15/2012 03:12 AM, Ben de Groot wrote:
On 15 June 2012 13:24, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 10:33, Ben de Groot yng...@gentoo.org wrote:
On 15 June 2012 12:45, Arun Raghavan
Am 15.06.2012 12:14, schrieb Rich Freeman:
[...]
+1 for your assessment so far.
I'd be personally interested in pointers to info on what the powers
that be do and don't allow with UEFI. I've seen lots of
sky-is-falling blog entries and discussion but little in the way of
specs, and more
On Fri, Jun 15, 2012 at 10:37:02AM +0200, Florian Philipp wrote
Besides, it wouldn't work long. They can blacklist keys.
Question... how would blacklisting work on linux machines? Let's
say Joe Blow gets a signing key and then passes it around. I can see
that if you want to build an
On Fri, Jun 15, 2012 at 7:32 AM, Walter Dnes waltd...@waltdnes.org wrote:
Question... how would blacklisting work on linux machines? Let's
say Joe Blow gets a signing key and then passes it around. I can see
that if you want to build an executable (*.exe) to run under Windows,
you'll run
On 06/15/2012 06:57 AM, Chí-Thanh Christopher Nguyễn wrote:
Greg KH schrieb:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus on the other issues?
Minor details like, do
On 06/15/2012 12:14 PM, Rich Freeman wrote:
5. If somebody (perhaps under the umbrella of hardened) wanted to
create a Gentoo project around a fully trusted Gentoo I'd be
completely supportive of that. It would take work. In the spirit of
Gentoo we should allow anybody to build their own
On Fri, Jun 15, 2012 at 8:18 AM, Luca Barbato lu_z...@gentoo.org wrote:
On 06/15/2012 06:57 AM, Chí-Thanh Christopher Nguyễn wrote:
If you have influence on UEFI secure boot spec, you could suggest that
they mandate a UI which lists all boot images known to the EFI boot
manager, and the user
On Fri, Jun 15, 2012 at 8:22 AM, Luca Barbato lu_z...@gentoo.org wrote:
If we want to try to get serious on 5, we could try to gather the
hardened/security people across distributions and setup the whole chain
to be parallel and cut deals with OEM to store this trust-chain keys
along with MS.
Am 15.06.2012 14:01, schrieb Rich Freeman:
On Fri, Jun 15, 2012 at 7:32 AM, Walter Dnes waltd...@waltdnes.org wrote:
Question... how would blacklisting work on linux machines? Let's
say Joe Blow gets a signing key and then passes it around. I can see
that if you want to build an executable
On 06/15/2012 06:14 AM, Rich Freeman wrote:
8. I think the bigger issue is with ARM, and I'm not personally clear
on what the exact policy is there. That really strikes me as
antitrust, but MS might argue that on ARM they have no monopoly
(instead we have a bunch of different vendors who
On 06/15/2012 12:24 AM, Arun Raghavan wrote:
On 15 June 2012 10:26, Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
On 06/14/2012 11:45 PM, Greg KH wrote:
On Thu, Jun 14, 2012 at 09:28:10PM -0700, Greg KH wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus on the other issues?
On Fri, Jun 15, 2012 at 06:14:12AM -0400, Rich Freeman wrote:
On Fri, Jun 15, 2012 at 12:28 AM, Greg KH gre...@gentoo.org wrote:
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus on the other issues?
Minor details like, do we have a
On Fri, Jun 15, 2012 at 06:57:06AM +0200, Chí-Thanh Christopher Nguyễn wrote:
If you have influence on UEFI secure boot spec, you could suggest that
they mandate a UI which lists all boot images known to the EFI boot
manager, and the user can easily whitelist both individual loaders and
the
On Fri, Jun 15, 2012 at 09:49:01AM +0200, Florian Philipp wrote:
Am 15.06.2012 09:26, schrieb Michał Górny:
On Thu, 14 Jun 2012 21:56:04 -0700 Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org
On Fri, Jun 15, 2012 at 04:35:28PM -0500, Matthew Thode wrote:
One of these days I'd like to pick your brain about some hardened UEFI
interactions I've seen (with pipacs watching).
Sure, be glad to talk about this anytime.
On Fri, Jun 15, 2012 at 01:48:05AM -0400, Philip Webb wrote:
120614 Greg KH wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo
or not worry about Gentoo right now and just focus on the other issues?
Minor details
On Fri, Jun 15, 2012 at 01:03:24PM +0800, Ben de Groot wrote:
On 15 June 2012 12:45, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Minor details like, do we have a
On Fri, Jun 15, 2012 at 09:26:07AM +0200, Michał Górny wrote:
On Thu, 14 Jun 2012 21:56:04 -0700
Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this?
On Fri, Jun 15, 2012 at 7:55 PM, Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 06:14:12AM -0400, Rich Freeman wrote:
The whole chain-of-trust is an interesting issue as the UEFI spec does
not require it at all, and some people on the UEFI committee have told
me that it is not
120615 Greg KH wrote:
On Fri, Jun 15, 2012 at 01:48:05AM -0400, Philip Webb wrote:
Does this affect those of us who build our own machines ?
Yes, it will be on your new motherboard in a matter of months.
I am going to build a new machine some time in the next 12 mth ,
but it looks as if all I
On Fri, Jun 15, 2012 at 08:41:47PM -0400, Rich Freeman wrote:
On Fri, Jun 15, 2012 at 7:55 PM, Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 06:14:12AM -0400, Rich Freeman wrote:
The whole chain-of-trust is an interesting issue as the UEFI spec does
not require it at all, and
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus on the other issues?
I think it at least makes sense to talk about
On Thu, Jun 14, 2012 at 09:28:10PM -0700, Greg KH wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus on the other issues?
Minor details like, do we have a
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus
Greg KH schrieb:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo, or not worry about
Gentoo right now and just focus on the other issues?
Minor details like, do we have a 'company' that can pay Microsoft to
sign our
On 15 June 2012 12:45, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Minor details like, do we have a 'company' that can pay Microsoft to
sign our bootloader? is one
On Fri, Jun 15, 2012 at 1:03 AM, Ben de Groot yng...@gentoo.org wrote:
On 15 June 2012 12:45, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Minor details like, do we
On 15 June 2012 10:26, Greg KH gre...@gentoo.org wrote:
On Fri, Jun 15, 2012 at 10:15:28AM +0530, Arun Raghavan wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects
On 15 June 2012 10:33, Ben de Groot yng...@gentoo.org wrote:
On 15 June 2012 12:45, Arun Raghavan ford_pref...@gentoo.org wrote:
On 15 June 2012 09:58, Greg KH gre...@gentoo.org wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Minor details like, do we have a
120614 Greg KH wrote:
So, anyone been thinking about this? I have, and it's not pretty.
Should I worry about this and how it affects Gentoo
or not worry about Gentoo right now and just focus on the other issues?
Minor details like, do we have a 'company' that can pay Microsoft
to sign our
On 2012-06-15 7:56 AM, Greg KH wrote:
Distributing a first-stage bootloader blob, that is signed by Microsoft,
or someone, seems to be the only way to easily handle this.
Fedora agrees:
http://mjg59.dreamwidth.org/12368.html
Other distros haven't decided yet afaik although there have been some
46 matches
Mail list logo