On Sat, Nov 03, 2012 at 10:56:40PM +0000, James Bottomley wrote: > On Sat, 2012-11-03 at 13:46 +0000, Matthew Garrett wrote: > > I... what? Our signed bootloader will boot our signed kernel without any > > physically present end-user involvement. We therefore need to make it > > as difficult as practically possible for an attacker to use our signed > > bootloader and our signed kernel as an attack vector against other > > operating systems, which includes worrying about hibernate and kexec. If > > people want to support this use case then patches to deal with that need > > to be present in the upstream kernel. > > Right, but what I'm telling you is that by deciding to allow automatic > first boot, you're causing the windows attack vector problem. You could > easily do a present user test only on first boot which would eliminate > it. Instead, we get all of this.
Your definition of "Best practices" is "Automated installs are impossible"? Have you ever actually spoken to a user? -- Matthew Garrett | mj...@srcf.ucam.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
