> On Oct 17, 2017, at 9:08 AM, Arnt Gulbrandsen <a...@gulbrandsen.priv.no> wrote:
>
> Alessandro Selli writes:
>> Plus, its purported security is mostly a myth. It only checks if the
>> first-stage bootloader was signed by a known, authorized key; everything else
>> is as exposed to malware and rootkits as it's always been. It protects from
>> one of the smallest attack vectors that was used to compromise machines.
>
> Isn't it the ONLY way to protect against that?
Think about it from the opposite direction. If you have a signed kernel, can you trust the environment it is loaded in if the bootloader isn't signed? Can the bootloader trust the environment if the first-stage bootloader isn't signed? The chain of trust has to go all the way back to the firmware for trusted computing to be possible. Note, I say "possible", not guaranteed or anything like that.

Signing doesn't prevent malware from getting into the system. If the build system is compromised, as was the case recently with CCleaner, the malware gets signed. Security flaws are most often present because they're simple, unfortunate bugs, happily signed by the CI pipeline. Occasionally, the flaw is a part of the standard, such as the recent issue with WPA2. No amount of signing will fix any of these issues, but signing makes auditing the whole system 1000x easier.

jf
--
John Franklin
frank...@tux.org
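The chain-of-trust argument above, as an added example that is not part of the thread: a constructed model of a verified boot chain in which the firmware pins the first stage and each stage pins the next. Pinned SHA-256 digests stand in for signature checks (an assumption to keep it self-contained); the stage names and the `demo()` helper are constructed.

```python
from __future__ import annotations
import hashlib

# Constructed model of a verified boot chain (added example, not code from the
# thread). Each stage is a blob that carries the digest it expects for the next
# stage; the firmware holds the digest of the first stage. A pinned SHA-256
# digest stands in for a signature check here (an assumption to keep the example
# self-contained; real firmware verifies a public-key signature over the image).

PIN_TAG = b"\n#next="

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def build_stage(code: bytes, next_stage: bytes | None) -> bytes:
    """Append to `code` the digest of the stage it will load (empty for the last)."""
    pin = digest(next_stage) if next_stage is not None else ""
    return code + PIN_TAG + pin.encode()

def build_chain(codes: list[bytes]) -> list[bytes]:
    """Build stages back to front so each one can pin its successor."""
    stages: list[bytes] = []
    nxt: bytes | None = None
    for code in reversed(codes):
        nxt = build_stage(code, nxt)
        stages.insert(0, nxt)
    return stages

def pinned_next(blob: bytes) -> str:
    return blob.rsplit(PIN_TAG, 1)[1].decode()

def verify_chain(root_digest: str | None, stages: list[bytes]) -> bool:
    """Walk the chain. With root_digest the firmware anchors the first stage;
    with None the first stage is taken on faith (no trust anchor at all)."""
    current = root_digest
    for blob in stages:
        if current is not None and digest(blob) != current:
            return False            # this stage was altered or replaced
        current = pinned_next(blob)  # what this stage says the next must be
    return current == ""             # last stage must pin nothing further

def demo() -> dict[str, bool]:
    good = build_chain([b"first-stage", b"bootloader", b"kernel"])
    root = digest(good[0])           # the digest the firmware pins
    # A replacement chain whose inter-stage pins are all internally consistent.
    swapped = build_chain([b"other first-stage", b"other bootloader", b"other kernel"])
    # A build produced (and therefore pinned) by a compromised pipeline.
    bad_build = build_chain([b"first-stage", b"bootloader", b"kernel+unwanted code"])
    return {
        "good chain, rooted": verify_chain(root, good),
        "swapped chain, rooted": verify_chain(root, swapped),
        "swapped chain, unrooted": verify_chain(None, swapped),
        "bad build, rooted at its own root": verify_chain(digest(bad_build[0]), bad_build),
    }
```

The last two results show the message's two points: without the firmware anchoring the first stage, any internally consistent chain passes, and a chain the legitimate pipeline pinned passes regardless of what the images contain.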
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng