secure boot
From: Antonio Carlos Padoan Junior
Subject: secure boot
Date: Sat, 20 Aug 2022 13:23:18 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
Hello,
I hope my question makes sense. It concerns Guix grub UEFI bootloaders.
I would like to understand to what extent Guix's functional approach
helps to secure the computer with regard to an early boot malicious
code/malware infection.
As far as I understand, Guix doesn't provide means to automatically sign
bootloaders and kernels in order to use UEFI secure boot after each system
reconfigure (assuming a PKI is properly implemented). Hence, using
secure boot with Guix is currently not viable (am I correct?).
In this context, can I assume that the risk of not having secure boot is
minimized by the fact that in each system reconfiguration, the early
boot chain is overwritten in such a way that, if malicious code is
introduced somehow, it will also be overwritten? Am I correct?
In addition, how much more difficult is it to introduce such malicious
code in a Guix system given its functional approach and store system?
(in comparison with other Linux distributions).
I know that Guix provides an amazing approach to secure software supply
chain, but I was wondering if not having secure boot can be considered
a major drawback for Guix.
Best regards
--
Antonio Carlos PADOAN JUNIOR
GPG fingerprint:
243F 237F 2DD3 4DCA 4EA3 1341 2481 90F9 B421 A6C9