<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="generator" content="Osso Notes"> <title></title></head> <body> ----- Mensaje original ----- > On 02/06/12 15:56, Alan Bell wrote: > > > Could linux foundation do the same for the servers? beause they can > > > be "cracked" in a similar way? > > > > > > > servers generally won't get the secure boot thing. Odd really because > > it kind of makes more sense to me in that context. > > > > Probably because the biggest market for servers is corporate customers > who have their own IT department and who would very quickly go see > another supplier if they had to fiddle with settings in order to install > the operating system of their choice on their systems. For a typical > large corporate that regularly installs dozens of servers, any change in > installation procedure means: > > * Re-train the whole of IT, > * Change all training and documentation material, > * Update the process of how business units get servers commissioned, > * Find a way to phase in the new process while phasing out the old one, > * Getting confirmation from suppliers of what exact models will have > UEFI so that they can have clear guidance: if model A, then do > process 1 else do process 2, > * Factor in additional costs and delays for the inevitable cock-ups > that will happen. > > > It's an interesting game that Microsoft are playing and I'm wondering > whether their primary motivation is to lock competition out or to force > the last refuseniks off XP and onto a more recent version of Windows. > > From an OEM perspective, what could happen is that you would see UEFI > > on > consumer ranges first, where customers tend to just go with what's > pre-installed, and then slowly see it appear on business ranges, where > customers tend to wipe the pre-installed OS and replace it with their > in-house image. > > The fact that this logic is completely at odds with the security > benefits of UEFI secure booting only makes sense if you see it from an > accounting point of view: secure boot is a technical tool to mitigate > the risk of a server getting compromised. This is modelled as a risk > with associated cost (cost of rebuilding a compromised server, checking > if it's the only compromised one, potential reputation costs, etc). Most > companies already mitigate that risk using firewalls, intrusion > detection systems, etc. Mitigation is not perfect so there is a residual > risk with associated cost. UEFI secure boot is then an opportunity to > reduce this residual cost through additional mitigation. If the cost > saving that results from migrating the estate to UEFI secure boot is > lower than the cost of actually doing it, companies will just stay put > with what they have, accept the risk and pay the price whenever the risk > is realised. > > So the fact that servers won't get the secure boot option is simply a > sign that nobody has yet managed to demonstrate that the cost of > introducing secure boot in a corporate environment was lower than the > potential cost of the risk it mitigates. > > Cheers, > > Bruno > thanks for the info guys! Got more than I need! I was a bit concernd that some servers were using arm as well. But clearly it will not be a problem. </body> </html>