Am 25.03.2014 um 21:55 schrieb Ingo Weinhold <ingo_weinhold@xxxxxx>: > Scripting language interpreters would have to support restricting execution > to signed code as well. That means we'd need to patch almost anything that includes some kind of scripting language. Doesn't seem doable. > (Unfortunately even Lenovo makes switching the disk rather hard these days. > :-/ But that's another topic.) Doesn't mean much. For a desktop PC, swapping the disk is done in seconds. > Yes, firmware password plus disk encryption. What if I boot your computer using a USB stick and infect your disk decryption routine? ;) I'm pretty sure there's something for every major disk encryption software. > TBH, I was under the impression that UEFI already supported disk encryption, > so that there wasn't a gap. Well, you can set an ATA password. But that doesn't encrypt the files on the disk ;). It only locks certain ATA commands. > But apparently that isn't the case, unfortunately. So, you're right Secure > Boot would need to be supported. But not by the OS, just by the decrypting > boot loader. Exactly. That's why I never proposed changing the entire OS, only the loader. See my initial proposal! :) And only as an option for later, *if* we go the secure boot route. It's just that with signed packages we keep that option open. > Anyway, it seems to me that to get a significant benefit out of supporting > Secure Boot one would have to go to great length. I'm less and less convinced > that it is worthwhile to consider it at all. And with it making package > signing anything more than an optional feature mainly targeted at third > parties. Well, it's not great length. You use disk encryption and you only use secure boot for the loader. -- Jonathan