On March 18, 2015 10:34:42 AM EDT, Lennart Sorensen <[email protected]> wrote:
>On Wed, Mar 18, 2015 at 04:17:52AM -0400, R Russell Reiter wrote:
>> I consider security in mission critical environments to be a valid purpose and note that enterprise is not necessarily mission critical whereas national security is uniformly considered to be very critical.
>
>If you want security, recompiling again and again is not a solution, it is a risk. Validating your binary with some kind of checksum would be useful. Sure, you should compile it yourself from validated sources, and then sign the result, and then leave it alone and just check the signature each time you boot.
>
>> LI technology has improved in the last ten years and it's true those improvements were driven by markets rather than government or national interests, but those interests can and will take advantage of those improvements.
>>
>> Let me put it this way, would you deliberately not take advantage of a secure booting feature which, because of hardware and software improvements, works with little or no added overhead?
>
>Yes I would. I despise secure boot. It has its use in a few special cases, but the vast majority of places it is being pushed is purely to try and control people's hardware.
>
>Of course secure booting relies on signed binaries, and certainly does NOT support recompiling the code each time you boot.
>
>> You could do that as a matter of personal preference but in enterprise you would lose market share when your bank clients discover your system is not as secure as your competitors'.
>>
>> So you only compile your critical dependency system once at runtime and if and when you make hardware or other critical changes you do it again. There are valid reasons to harden systems and keep them hard. You got 82000 hrs spin time from one of your drives, that's a lot of time between boots.
>
>There is no reason to trust your sources any more than your precompiled binary at boot time, hence recompiling is plain stupid and serves no purpose. You turn it from a problem of validating your binary to one of validating your compiler binary and your source code, and wasting a lot of time every boot. Compiling trusted code in a trusted environment and then signing it and using secure boot to validate the signed binary and running it does make sense, but compiling multiple times does not.
>
>> I don't just pull this stuff out from under my hat you know, I do a lot of reading. It's just that I'm limited to the stuff that's not above my pay grade or not otherwise trade secrets.
>
>Well it sure seems like you do a lot of the time.
--
Sent via K-9 Mail.
---
Talk Mailing List
[email protected]
http://gtalug.org/mailman/listinfo/talk
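The build-once, sign, then verify-at-every-boot scheme Lennart argues for, as an added Go example that is not part of this thread or of any boot loader: the Artifact layout, the Ed25519 build key and the stand-in image are constructed for the demo, and signing the SHA-256 digest mirrors the "checksum plus signature" he describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Artifact: the image plus a detached signature over its SHA-256 digest (constructed demo layout).
type Artifact struct {
	Image     []byte
	Signature []byte
}

// Sign is the once-only build step: compile, hash, sign, then stop touching it.
func Sign(priv ed25519.PrivateKey, image []byte) Artifact {
	digest := sha256.Sum256(image)
	return Artifact{Image: image, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyAtBoot is the cheap per-boot check: recompute the digest of the image
// actually present and verify the detached signature with the pinned public key.
// A bare stored checksum would not do: whoever replaces the image can replace
// the checksum beside it, but cannot forge the signature without the build key.
func VerifyAtBoot(pub ed25519.PublicKey, a Artifact) error {
	if len(a.Signature) != ed25519.SignatureSize {
		return errors.New("malformed signature: refusing to boot")
	}
	digest := sha256.Sum256(a.Image)
	if !ed25519.Verify(pub, digest[:], a.Signature) {
		return errors.New("image does not match signature: refusing to boot")
	}
	return nil
}

// Tampered copies the artifact with one image byte flipped: a binary modified on disk after signing.
func Tampered(a Artifact) Artifact {
	img := append([]byte(nil), a.Image...)
	img[0] ^= 0xff
	return Artifact{Image: img, Signature: a.Signature}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // private half stays in the build environment
	art := Sign(priv, []byte("constructed stand-in for a compiled kernel image"))
	fmt.Println("clean boot:", VerifyAtBoot(pub, art))              // <nil>
	fmt.Println("tampered boot:", VerifyAtBoot(pub, Tampered(art))) // error
}
```

Only the public key needs to live on the booting host; the per-boot cost is one hash and one signature check, which is the "little or no added overhead" point of the exchange.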
