Message-ID: <87k3u0cu1k.fsf@xmission.com>
Date: Mon, 05 Nov 2012 00:50:47 -0800
From: ebiederm@...ssion.com (Eric W. Biederman)
To: "H. Peter Anvin" <hpa@...or.com>
Cc: Matthew Garrett <mjg59@...f.ucam.org>,
James Bottomley <James.Bottomley@...senPartnership.com>,
Pavel Machek <pavel@....cz>,
Chris Friesen <chris.friesen@...band.com>,
Eric Paris <eparis@...isplace.org>,
Jiri Kosina <jkosina@...e.cz>, Oliver Neukum <oneukum@...e.de>,
Alan Cox <alan@...rguk.ukuu.org.uk>,
Josh Boyer <jwboyer@...il.com>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org
Subject: Re: [RFC] Second attempt at kernel secure boot support
"H. Peter Anvin" <hpa@...or.com> writes:
> This is not a good thing to assume. A vendor could have an external
> button, for example.
Facts are always a good thing to assume.
The fact is the general case does not admit an install without user
interaction.
It makes a lot of sense to revisit the working assumptions when for lack
of 3 or 4 lines in the bootloader people are advocating turning gold
into lead at the cost of a national banking bailout.
Non-interactive installs are very interesting but they only make sense
in a very narrow range of cases, not in every BIOS state on
every machine. If the UEFI firmware will let me install a platform key
and set every other firmware setting in my installer, then it is a good
starting state. The rest of the time there will be some unpredictable
inconsistent mess of firmware settings that someone is going to have to
go in and fix. Or the install cd will have blown away my existing
partitions deleting data I forgot to back up that day.
The notion that a non-interactive install is possible in the general
case is complete and total hogwash.
Eric