Page 2 of 10 FirstFirst 1234 ... LastLast
Results 11 to 20 of 94

Thread: The State Of Linux Distributions Handling SecureBoot

  1. #11
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    Explain to me how preventing linux from booting does anything, anything at all to help MS security situation?

    They didnt fix shit. All they did was fuck us. And they did it knowing what they were doing.

  2. #12
    Join Date
    Apr 2010
    Posts
    1,946

    Default

    I am not buying any shitty motherboard with secureboot. In fact, this thing is just crying for lawsuit!

  3. #13
    Join Date
    Apr 2011
    Posts
    114

    Default

    Quote Originally Posted by duby229 View Post
    Explain to me how preventing linux from booting does anything, anything at all to help MS security situation?
    If your bootloader is compromised, you can no longer trust your running kernel. And if you can't trust your running kernel, you have no way of determining whether your machine has been compromised. That means that any security breach that would normally have been detected and fixed when you updated your system can instead remain there until you either boot off recovery media or replace your hard drive.

    Security is about layers. It's obviously better to prevent a system compromise in the first place, but software has bugs and it's inevitable that some of those will end up being security bugs. Linux isn't a special case here - check any distribution's security updates and you'll see that there's no shortage of remotely-exploitable bugs that permit arbitrary code execution. The sensible thing to assume is that at some point a bad guy will find one you don't know about and exploit it before you've fixed it. That means you need to reduce the damage that that compromise can do. selinux and apparmor are mostly protective technologies, not preventative technologies - both exist to reduce the damage that arbitrary code can do. Secure Boot is another example of a protective technology. It doesn't prevent an initial compromise, but it reduce the damage that that initial compromise can do.

    But for that to be useful, you need to know that the code you're executing is trusted. There's two ways of handling that - you either have the user explicitly tell you what's trusted (including letting the user tell you to trust everything), or you trust a third party to tell you what's trustworthy. Microsoft's implementation on x86 permits both. You can disable Secure Boot or install your own keys, or you can just assume that everything signed by Microsoft is valid.

    They didnt fix shit. All they did was fuck us. And they did it knowing what they were doing.
    Yeah, we're so fucked that there's already mainstream Linux distributions that boot out of the box on Secure Boot systems.

  4. #14
    Join Date
    Apr 2011
    Posts
    114

    Default

    Quote Originally Posted by crazycheese View Post
    I am not buying any shitty motherboard with secureboot. In fact, this thing is just crying for lawsuit!
    Under which law?

  5. #15
    Join Date
    Dec 2011
    Posts
    2,004

    Default Next step?

    Microsoft has been going around spreading FUD about they owning Linux "intellectual property" (lol) and patents.

    Maybe the next step is, they only sign those who pay to license their patents. Some kind of extortion.

  6. #16
    Join Date
    Apr 2010
    Posts
    1,946

    Default

    Quote Originally Posted by mjg59 View Post
    Under which law?
    Antitrust law.

  7. #17
    Join Date
    Apr 2011
    Posts
    114

    Default

    Quote Originally Posted by crazycheese View Post
    Antitrust law.
    Unlike the forced bundling of IE and Windows, Microsoft aren't actually forcing anyone to do anything here.

  8. #18
    Join Date
    Sep 2008
    Location
    Vilnius, Lithuania
    Posts
    2,518

    Default

    According to another thread in this forum, there already are some boards with UEFI firmware that don't allow turning off secure boot. That would be lawsuit-worthy, it looks like.

  9. #19
    Join Date
    Apr 2011
    Posts
    114

    Default

    Quote Originally Posted by GreatEmerald View Post
    According to another thread in this forum, there already are some boards with UEFI firmware that don't allow turning off secure boot. That would be lawsuit-worthy, it looks like.
    If they've got Windows 8 stickers then please let me know the manufacturer and model. If they don't, then you're probably limited to arguing with the manufacturer over whether or not they were correctly advertised - Microsoft didn't force them to do that, so it's unclear how you'd be able to sue them.

  10. #20
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    MS essentially said... "Lets make up some imaginary boot loader virus so we can fuck linux!"

    Windows 8 is still gonna get just as comprimised as every other windows has ever been. And booting linux doesnt have a single damn thing to do with that.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •