[ubuntu-uk] heads up - Secure Boot Problems for Linux Users Are Here Already
James Morrissey
morrissey.james1 at gmail.com
Tue Nov 1 14:41:06 UTC 2011
If it's to do the job it's intended to do, it has to be hard to turn
> off. If it's easy to turn off, it might as well not be there.
Couldn't you just have some form of password protection where, i don't
know, some sort of serial number is stuck the bottom of your machine
and you need to enter this before secure boot will be turned off.
Possibly that would scare people away.
> Well, it would add it to firewalls, adminsistrator access and IE's
> secutrity controls - another item in the list of things that helpdesks
> will insist you do to make sure their thing works before they offer to
> help you futher.
Sure, there are all sorts of ways that this empowers MS. I am not
suggesting that it's innocuous.
This being said, am i wrong that all systems would be vulnerable to
malware installing itself to the software that runs the firmware?
j
On 1 November 2011 16:54, Avi Greenbury <lists at avi.co> wrote:
> James Morrissey wrote:
>
>> As such, as i understand it, the problem is not that MS are advocating
>> for secure boot. Instead its that while they do so they are not
>> insisting that the secure boot option be something that can be
>> overridden, or switched off, if the user wishes to install a piece of
>> software that they approve of.
>
> No. Why would they? Much as it'd be nice for MS to insist that the
> secure UEFI not get in anybody else's way, that's not really something
> to expect them to do. This is the job of industry regulation.
>
>> So, while i agree that MS's approach to secure boot is
>> anti-competitive behavior wrapped up in narrative of security, having
>> secure boot systems that could easily - and i mean in a totally user
>> friendly way (ideally through a GUI) - be switched off would be a good
>> thing for all users.
>
> Well, it would add it to firewalls, adminsistrator access and IE's
> secutrity controls - another item in the list of things that helpdesks
> will insist you do to make sure their thing works before they offer to
> help you futher.
>
> If it's to do the job it's intended to do, it has to be hard to turn
> off. If it's easy to turn off, it might as well not be there.
>
> --
> Avi
>
> --
> ubuntu-uk at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
> https://wiki.ubuntu.com/UKTeam/
>
More information about the ubuntu-uk
mailing list