[governance] Verisign to control what operating systems you can run on your computer
Daniel Kalchev
daniel at digsys.bg
Thu Jun 7 10:20:10 EDT 2012
On 07.06.12 16:17, Kerry Brown wrote:
> I don’t know what the fuss is. There is a lot of FUD about this.
There is FUD, but also there are some fundamental problems that are NOT
addressed by this "secure boot" initiative.
The most trivial example is with open source operating systems, such as
FreeBSD. The typical way you build and install FreeBSD is from source.
This includes compiling the boot loaders from source too. Now, how do
you sign those boot loaders? You aren't supposed to have the FreeBSD's
private keys on every system that builds the boot loaders. If you do,
malware writers could use those keys to build malicious boot code, that
will be happily executed by this "secure" UEFI.
This is not unique to FreeBSD of course and means that any open source
OS will be unable to use this "feature". No matter what the advertizing
says.
Things with Windows are already bad, since when Microsoft implemented
code signing. By virtue of being signed "by Microsoft", Windows will let
any software run, without noticing the user and will full privileges.
This is the worst "security" anyone can even invent...
What is more, this "security" is being exploited today by serious, as
they say "government backed" malware such as the recent "Flame" case.
Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120607/664a6f9f/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list