[haiku-development] Re: Design for signed packages
- From: Jonathan Schleifer <js-haiku-development@xxxxxxxxxxx>
- To: haiku-development@xxxxxxxxxxxxx
- Date: Wed, 26 Mar 2014 04:08:00 +0100
Am 25.03.2014 um 21:55 schrieb Ingo Weinhold <ingo_weinhold@xxxxxx>:
> Scripting language interpreters would have to support restricting execution
> to signed code as well.
That means we'd need to patch almost anything that includes some kind of
scripting language. Doesn't seem doable.
> (Unfortunately even Lenovo makes switching the disk rather hard these days.
> :-/ But that's another topic.)
Doesn't mean much. For a desktop PC, swapping the disk is done in seconds.
> Yes, firmware password plus disk encryption.
What if I boot your computer using a USB stick and infect your disk decryption
routine? ;) I'm pretty sure there's something for every major disk encryption
software.
> TBH, I was under the impression that UEFI already supported disk encryption,
> so that there wasn't a gap.
Well, you can set an ATA password. But that doesn't encrypt the files on the
disk ;). It only locks certain ATA commands.
> But apparently that isn't the case, unfortunately. So, you're right Secure
> Boot would need to be supported. But not by the OS, just by the decrypting
> boot loader.
Exactly. That's why I never proposed changing the entire OS, only the loader.
See my initial proposal! :) And only as an option for later, *if* we go the
secure boot route. It's just that with signed packages we keep that option open.
> Anyway, it seems to me that to get a significant benefit out of supporting
> Secure Boot one would have to go to great length. I'm less and less convinced
> that it is worthwhile to consider it at all. And with it making package
> signing anything more than an optional feature mainly targeted at third
> parties.
Well, it's not great length. You use disk encryption and you only use secure
boot for the loader.
--
Jonathan
Other related posts: