| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87fw4mv11b.fsf@mid.deneb.enyo.de> Date: Tue, 06 Nov 2012 23:06:56 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: Matthew Garrett <mjg59@...f.ucam.org> Cc: Chris Friesen <chris.friesen@...band.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, "H. Peter Anvin" <hpa@...or.com>, James Bottomley <James.Bottomley@...senPartnership.com>, Pavel Machek <pavel@....cz>, Eric Paris <eparis@...isplace.org>, Jiri Kosina <jkosina@...e.cz>, Oliver Neukum <oneukum@...e.de>, Alan Cox <alan@...rguk.ukuu.org.uk>, Josh Boyer <jwboyer@...il.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org Subject: Re: [RFC] Second attempt at kernel secure boot support * Matthew Garrett: > I'm not sure why you think that Fedora PXE installs will > automatically wipe disks - they'll do whatever Kickstart tells them > to do. Or what the referenced initrd contains (which is not signed, for obvious reasons). The point is that "the bootloader is signed by Fedora" does not translate to "I can run this without worries". I'm not sure if anybody has made promises in this direction. But lack of a "do no harm" rule (which would have to prevent certain forms of unattended installation for sure) means that we do not get that many benefits out of Secure Boot. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists