Re: EFI in Debian

2012-07-17 Thread Mark Brown
On Sun, Jul 08, 2012 at 07:30:48PM -0400, Ted Ts'o wrote: > So in answer to your question, there are plenty of Android devices > which are trivially unlockable. (And once a Nexus phone is unlocked, > you can get a root shell trivially; no jail-breaking necessary. > Of course this is true for

Re: EFI in Debian

2012-07-10 Thread Thomas Preud'homme
On Tuesday 10 July 2012 13:08:57, Russell Coker wrote: > On Tue, 10 Jul 2012, "Thomas Preud'homme" wrote: > > When the flaws was exploited, then the attacker had sufficient access to > > change e.g. EFI and could thus have done whatever nasty things he wanted > > on the system. And as long as

Re: EFI in Debian

2012-07-10 Thread Russell Coker
On Tue, 10 Jul 2012, "Thomas Preud'homme" wrote: > When the flaws was exploited, then the attacker had sufficient access to > change e.g. EFI and could thus have done whatever nasty things he wanted > on the system. And as long as the system is not rebooted, nothing can > prevent it to do so. htt

Re: EFI in Debian

2012-07-10 Thread Thomas Preud'homme
On Monday 2 July 2012 18:42:13, Steve McIntyre wrote: > Hey folks, > > As you might have seen from recent discussions about the Fedora and > Ubuntu strategies for how to deal with EFI and Secure Boot, there are > potentially major issues in the area. In Debian we don't (yet) have a > plan, so

Re: EFI in Debian

2012-07-09 Thread Matthew Garrett
On Mon, Jul 09, 2012 at 12:26:49PM -0400, Ted Ts'o wrote: > On Mon, Jul 09, 2012 at 04:48:38PM +0100, Matthew Garrett wrote: > > Hey, it's hardly my fault that nobody else bothered turning up to the > > well-advertised events where this got discussed... > > If it's documented on paper, it didn't h

Re: EFI in Debian

2012-07-09 Thread Ted Ts'o
On Mon, Jul 09, 2012 at 04:48:38PM +0100, Matthew Garrett wrote: > In article <20120708235244.gb24...@thunk.org> Ted Ts'o wrote: > > Matthew Garrett believes that this is a requirement; however, there is > > no documented paper trail indicating that this is actually necessary. > > There are those w

Re: EFI in Debian

2012-07-09 Thread Matthew Garrett
In article <20120708235244.gb24...@thunk.org> Ted Ts'o wrote: > Matthew Garrett believes that this is a requirement; however, there is > no documented paper trail indicating that this is actually necessary. > There are those who believe that Microsoft wouldn't dare revoke a > Linux key because of t

Re: EFI in Debian

2012-07-08 Thread Ted Ts'o
On Fri, Jul 06, 2012 at 05:32:44AM +0100, Ben Hutchings wrote: > > 2. Upstream kernel support: when booted in Secure Boot mode, Linux would > only load signed kernel modules and disable the various debug interfaces > that allow code injection. I'm aware that David Howells, Matthew > Garrett and o

Re: EFI in Debian

2012-07-08 Thread Ted Ts'o
On Sun, Jul 08, 2012 at 10:00:05AM -0600, Paul Wise wrote: > On Sun, Jul 8, 2012 at 7:15 AM, Wookey wrote: > > Will Android machines make secure boot turn-offable or another key > > installable, or will they follow the Microsoft lead and lock > > everything down too? > > Are there any Android devi

Re: EFI in Debian

2012-07-08 Thread Philipp Kern
Paul, on Sun, Jul 08, 2012 at 10:00:05AM -0600 you wrote the following: > On Sun, Jul 8, 2012 at 7:15 AM, Wookey wrote: > > Will Android machines make secure boot turn-offable or another key > > installable, or will they follow the Microsoft lead and lock > > everything down too? > Are there

Re: EFI in Debian

2012-07-08 Thread Paul Wise
On Sun, Jul 8, 2012 at 7:15 AM, Wookey wrote: > Will Android machines make secure boot turn-offable or another key > installable, or will they follow the Microsoft lead and lock > everything down too? Are there any Android devices that aren't *already* bootloader locked or require jailbreaking to

Re: EFI in Debian

2012-07-08 Thread Ben Hutchings
On Sun, 2012-07-08 at 14:15 +0100, Wookey wrote: [...] > A competition case is much harder to bring here because Windows has > almost zero share on ARM and can use that as an excuse. Of course, as > we know in Debian architecture is really irrelevant to the question of > 'is this OS dominant and us

Re: EFI in Debian

2012-07-08 Thread Russell Coker
On Sun, 8 Jul 2012, Wookey wrote: > > The distinction is between x86 and ARM, and the Windows 8 cert > > requirements for ARM appear to have as their goal to prevent any other > > OS to be bootable on that hardware. > > Which is pretty outrageous IMHO and may well become a serious problem > once

Re: EFI in Debian

2012-07-08 Thread Wookey
+++ Steve Langasek [2012-07-07 15:58 -0600]: > On Sat, Jul 07, 2012 at 11:09:57PM +0200, Andreas Barth wrote: > > * Steve Langasek (vor...@debian.org) [120707 22:54]: > > > On Fri, Jul 06, 2012 at 10:14:01AM +0200, Josselin Mouette wrote: > > > > If OTOH we have to pay a fee just for our software

Re: EFI in Debian

2012-07-07 Thread Steve Langasek
On Sat, Jul 07, 2012 at 11:09:57PM +0200, Andreas Barth wrote: > * Steve Langasek (vor...@debian.org) [120707 22:54]: > > On Fri, Jul 06, 2012 at 10:14:01AM +0200, Josselin Mouette wrote: > > > If OTOH we have to pay a fee just for our software to work on platforms > > > that just happen to be usin

Re: EFI in Debian

2012-07-07 Thread Stefano Zacchiroli
On Sat, Jul 07, 2012 at 02:48:59PM -0600, Steve Langasek wrote: > On Fri, Jul 06, 2012 at 10:14:01AM +0200, Josselin Mouette wrote: > > If OTOH we have to pay a fee just for our software to work on platforms > > that just happen to be using Microsoft’s certificate, this is clearly > > abusive. I w

Re: EFI in Debian

2012-07-07 Thread Andreas Barth
* Steve Langasek (vor...@debian.org) [120707 22:54]: > On Fri, Jul 06, 2012 at 10:14:01AM +0200, Josselin Mouette wrote: > > If OTOH we have to pay a fee just for our software to work on platforms > > that just happen to be using Microsoft’s certificate, this is clearly > > abusive. I would object

Re: EFI in Debian

2012-07-07 Thread Steve Langasek
On Fri, Jul 06, 2012 at 10:14:01AM +0200, Josselin Mouette wrote: > On Friday 06 July 2012 at 05:32 +0100, Ben Hutchings wrote: > > 1. General consensus in the project that supporting the option of Secure > > Boot, including purchase of a Microsoft-signed certificate, is > > worthwhile and

Re: EFI in Debian

2012-07-07 Thread Ben Hutchings
On Sat, 2012-07-07 at 08:46 -0600, Ansgar Burchardt wrote: > Hi, > > Ben Hutchings writes: > > 2. Upstream kernel support: when booted in Secure Boot mode, Linux would > > only load signed kernel modules and disable the various debug interfaces > > that allow code injection. I'm aware that David

Re: EFI in Debian

2012-07-07 Thread Ansgar Burchardt
Hi, Ben Hutchings writes: > 2. Upstream kernel support: when booted in Secure Boot mode, Linux would > only load signed kernel modules and disable the various debug interfaces > that allow code injection. I'm aware that David Howells, Matthew > Garrett and others are working on this. That makes

Re: EFI in Debian

2012-07-06 Thread Paul Wise
On Fri, Jul 6, 2012 at 5:41 AM, Carlos Alberto Lopez Perez wrote: > These are the FSF recommendations: > > http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/whitepaper-web These seem much more in line with the Debian social contract than any the actions of other distributions or of the s

Re: EFI in Debian

2012-07-06 Thread Carlos Alberto Lopez Perez
On 06/07/12 06:32, Ben Hutchings wrote: > 1. General consensus in the project that supporting the option of Secure > Boot, including purchase of a Microsoft-signed certificate, is > worthwhile and not entirely objectionable. (I am assuming that it would > be a waste of time to use our own platform

Re: EFI in Debian

2012-07-06 Thread Josselin Mouette
On Friday 06 July 2012 at 05:32 +0100, Ben Hutchings wrote: > 1. General consensus in the project that supporting the option of Secure > Boot, including purchase of a Microsoft-signed certificate, is > worthwhile and not entirely objectionable. Not entirely objectionable indeed, but it r

Re: EFI in Debian

2012-07-05 Thread Ben Hutchings
On Thu, 2012-07-05 at 22:27 -0400, Theodore Ts'o wrote: > On Wed, Jul 04, 2012 at 12:51:01PM +, Tanguy Ortolo wrote: > > Tanguy Ortolo, 2012-07-04 14:13+0200: > > > A blog post explaining how to set up Debian to boot via UEFI: > > >http://tanguy.ortolo.eu/blog/article51/debian-efi > > > A m

Re: EFI in Debian

2012-07-05 Thread Theodore Ts'o
On Wed, Jul 04, 2012 at 12:51:01PM +, Tanguy Ortolo wrote: > Tanguy Ortolo, 2012-07-04 14:13+0200: > > A blog post explaining how to set up Debian to boot via UEFI: > >http://tanguy.ortolo.eu/blog/article51/debian-efi > > A message to this list detailing the UEFI boot procedure and what is

Re: EFI in Debian

2012-07-05 Thread Steve McIntyre
Tanguy wrote: >Steve McIntyre, 2012-07-02 18:42+0200: >> As you might have seen from recent discussions about the Fedora and >> Ubuntu strategies for how to deal with EFI and Secure Boot, there are >> potentially major issues in the area. In Debian we don't (yet) have a >> plan, so it's high time t

Re: EFI in Debian

2012-07-04 Thread Tanguy Ortolo
Tanguy Ortolo, 2012-07-04 14:13+0200: > A blog post explaining how to set up Debian to boot via UEFI: >http://tanguy.ortolo.eu/blog/article51/debian-efi > A message to this list detailing the UEFI boot procedure and what is > required to support it: > >http://lists.debian.org/debian-dev

Re: EFI in Debian

2012-07-04 Thread Tanguy Ortolo
Steve McIntyre, 2012-07-02 18:42+0200: > As you might have seen from recent discussions about the Fedora and > Ubuntu strategies for how to deal with EFI and Secure Boot, there are > potentially major issues in the area. In Debian we don't (yet) have a > plan, so it's high time that we had some dis

Re: EFI in Debian

2012-07-02 Thread Stefano Zacchiroli
On Mon, Jul 02, 2012 at 05:42:13PM +0100, Steve McIntyre wrote: > As you might have seen from recent discussions about the Fedora and > Ubuntu strategies for how to deal with EFI and Secure Boot, there are > potentially major issues in the area. In Debian we don't (yet) have a > plan, so it's high

EFI in Debian

2012-07-02 Thread Steve McIntyre
Hey folks, As you might have seen from recent discussions about the Fedora and Ubuntu strategies for how to deal with EFI and Secure Boot, there are potentially major issues in the area. In Debian we don't (yet) have a plan, so it's high time that we had some discussion. I've set up a BoF at DebCo