[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Secure Boot. Why don't you take the wind out of their sails?
From: |
Chris Murphy |
Subject: |
Re: Secure Boot. Why don't you take the wind out of their sails? |
Date: |
Mon, 9 Jul 2012 17:32:23 -0600 |
On Jul 9, 2012, at 4:38 PM, Graham Cunnington wrote:
>
> "You can password-protect Grub. This will secure it against malware and
> anybody taking over your computer."
Because it's an untrue statement.
It is not the same thing as key-signing a boot loader. While GRUB2's UI's can
be protected, I can easily cause grub.efi to be replaced with some other
bootloader which happens to be malware, or replace the kernel a password
protected GRUB2 is set to load with a kernel that contains malware.
> e then we already have Secure Boot and the administrators of companies and
> home computers will have protected their computers and the Microsoft
> initiative becomes unnecessary, at least for Secure Boot (Secure Bios is
> another matter and another battle).
There is no meaning to secure BIOS. And what you're describing GRUB2 do in lieu
of Secure Boot doesn't prevent any of the problems/concerns Secure Boot is
supposed to solve. That there are significant negative concerns for how OEM's
are going to implement Secure Boot, this is not a compelling argument against
Secure Boot or against the real threat of pre-boot malware.
Your complaint is with OEMs way more than Microsoft, and way more than GNU
GRUB2.
Chris Murphy