|
|
|
| Authored by: PJ on Monday, July 08 2013 @ 07:11 PM EDT |
That's a good point. But if someone
wants to point me to a how to, or
write me one, to show me how to
make it work, I'll give it a try.
Fedora would be my first choice,
so if you could do it for that,
I'd be happy.[ Reply to This | Parent | # ]
|
| |
| Authored by: Wol on Tuesday, July 09 2013 @ 06:07 AM EDT |
The whole POINT of UEFI is to give a trusted boot sequence, so you can know the
system hasn't been compromised.
The initial ROM pre-loader checks the boot PROM, the PROM checks the
boot-loader, the boot-loader checks the kernel, etc etc etc.
I know - there are bugs ...
And yes, I do understand MS has rigged the system such that the first boot of a
new PC pretty much HAS to be into a working Windows (so you have to accept the
EULA) before you can gain access to the UEFI to tell it you want to wipe Windows
and install linux over it ...
Cheers,
Wol[ Reply to This | Parent | # ]
|
| |
| Authored by: Anonymous on Tuesday, July 09 2013 @ 12:00 PM EDT |
The questions below are not meant for the poster I responded to - but to
anyone that thinks UEFI has positive aspects.
I'd rather have an OS with
proper security from the ground up then a makeshift bandaid that pretends to add
security. My humble opinion as to what UEFI "offers".
If the source I
select for my Linux Kernel is compromised, and I sign it with a UEFI
key:
How does UEFI protect me from said malicious code being started up when
said malicious code is signed?
If the source I select is not compromised
and I only ever modify the system applications with the Root user - or
equivalent - and I only ever work in "peon user" mode otherwise:
In what way
would I even need UEFI?
The single point of security failure that has
always existed for the computer is physical access.
If I have physical
access to the computer:
Can I get around UEFI via a manual method - for
example using the old fashioned "short the bios battery" to reset the bios to
factory settings so I can enter it and configure it as I want?
If there is
such a work around:
What value does UEFI provide that I can't get through
other security mechanisms?
I own the device! I have total say in what goes
on it! If there is no work around and UEFI can lock me out of my own
system:
It's not security I want!
RAS[ Reply to This | Parent | # ]
|
|
|
|
|
