[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

secure boot

From: Antonio Carlos Padoan Junior
Subject: secure boot
Date: Sat, 20 Aug 2022 13:23:18 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)


I hope my question makes sense. It concerns Guix grub UEFI bootloaders.

I would like to understand in which extent Guix functional approach
helps to secure the computer with regards to an early boot malicious
code/malware infection.

As far as I understand, Guix doesn't provide means to automatically sign
bootloaders and kernels in order to use UEFI secure boot after each system
reconfigure (assuming a PKI is properly implemented).  Hence, using
secure boot with Guix is currently not viable (am i correct?).

In this context, can I assume that the risk of not having secure boot is
minimized by the fact that in each system reconfiguration, the early
boot chain is overwritten is such a way that, if a malicious is
introduced somehow, it will be also overwritten? Am I correct?

In addition, how much more difficult it is to introduce such malicious
code in a Guix system giving its functional approach and store system?
(in comparison with others Linux distributions).

I know that Guix provides an amazing approach to secure software supply
chain, but I as wondering if not having secure boot can be considered
a major drawback for Guix.

Best regards
Antonio Carlos PADOAN JUNIOR
GPG fingerprint:
243F 237F 2DD3 4DCA 4EA3  1341 2481 90F9 B421 A6C9

reply via email to

[Prev in Thread] Current Thread [Next in Thread]