Hi Antonio,

Antonio Carlos Padoan Junior <acpadoa...@yahoo.com.br> writes:

> As far as I understand, Guix doesn't provide means to automatically sign
> bootloaders and kernels in order to use UEFI secure boot after each system
> reconfigure (assuming a PKI is properly implemented). Hence, using
> secure boot with Guix is currently not viable (am I correct?).

You're right, we don't really have any means to do that. It would have to be done outside of the store, again, so that the private key doesn't leak into it.

> In this context, can I assume that the risk of not having secure boot is
> minimized by the fact that in each system reconfiguration, the early
> boot chain is overwritten in such a way that, if a malicious is
> introduced somehow, it will be also overwritten? Am I correct?

A reconfigure would overwrite the bootloader, and most likely create a new system generation with bootloader configuration.

> In addition, how much more difficult it is to introduce such malicious
> code in a Guix system given its functional approach and store system?
> (in comparison with other Linux distributions).

Nothing is stopping an attacker from overwriting your bootloader with their own, which could load a kernel of their choosing. They would need to be able to boot off something though. And once you're compromised that way, I don't think you could consider running `guix system reconfigure` an option.

Best,
--
Josselin Poiret