<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 07.06.12 16:17, Kerry Brown wrote:
<blockquote
cite="mid:A0615421071EDD4A9F851117D67D538A5D5D25ED@EXCH01.KDBSystems.local"
type="cite">
<div class="WordSection1"><span style="font-size: 11pt;
font-family: 'Calibri','sans-serif';
color: rgb(31, 73, 125);">I don’t know what the fuss is. There
is a lot of FUD about this.</span></div>
</blockquote>
<br>
There is FUD, but also there are some fundamental problems that are
NOT addressed by this "secure boot" initiative.<br>
<br>
The most trivial example is with open source operating systems, such
as FreeBSD. The typical way you build and install FreeBSD is from
source. This includes compiling the boot loaders from source too.
Now, how do you sign those boot loaders? You aren't supposed to have
FreeBSD's private keys on every system that builds the boot
loaders. If you do, malware writers could use those keys to build
malicious boot code that will be happily executed by this "secure"
UEFI.<br>
This is not unique to FreeBSD of course and means that any open
source OS will be unable to use this "feature". No matter what the
advertising says.<br>
<br>
Things with Windows are already bad, ever since Microsoft
implemented code signing. By virtue of being signed "by Microsoft",
Windows will let any software run, without notifying the user and
with full privileges. This is the worst "security" anyone can even
invent...<br>
<br>
What is more, this "security" is being exploited today by serious,
as they say, "government backed" malware such as the recent "Flame"
case.<br>
<br>
Daniel<br>
</body>
</html>