[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure Boot. Why don't you take the wind out of their sails?

From: Chris Murphy
Subject: Re: Secure Boot. Why don't you take the wind out of their sails?
Date: Mon, 9 Jul 2012 17:32:23 -0600

On Jul 9, 2012, at 4:38 PM, Graham Cunnington wrote:

> "You can password-protect Grub.  This will secure it against malware and 
> anybody taking over your computer."

Because it's an untrue statement.

It is not the same thing as key-signing a boot loader. While GRUB2's UI's can 
be protected, I can easily cause grub.efi to be replaced with some other 
bootloader which happens to be malware, or replace the kernel a password 
protected GRUB2 is set to load with a kernel that contains malware.

> e then we already have Secure Boot and the administrators of companies and 
> home computers will have protected their computers and the Microsoft 
> initiative becomes unnecessary, at least for Secure Boot (Secure Bios is 
> another matter and another battle).

There is no meaning to secure BIOS. And what you're describing GRUB2 do in lieu 
of Secure Boot doesn't prevent any of the problems/concerns Secure Boot is 
supposed to solve. That there are significant negative concerns for how OEM's 
are going to implement Secure Boot, this is not a compelling argument against 
Secure Boot or against the real threat of pre-boot malware.

Your complaint is with OEMs way more than Microsoft, and way more than GNU 

Chris Murphy

reply via email to

[Prev in Thread] Current Thread [Next in Thread]