guix-devel

Re: secure boot


From: Tobias Platen
Subject: Re: secure boot
Date: Sat, 20 Aug 2022 14:18:46 +0200
User-agent: Evolution 3.38.3-1

That would be interesting, even on a Talos II, which has
owner-controlled secure boot. There will be no need to sign with a Microsoft
key as most UEFI implementations do. There are two Microsoft keys, one
for Windows and one for all other OSes.

On Sat, 2022-08-20 at 13:23 +0200, Antonio Carlos Padoan Junior wrote:
> Hello,
> 
> I hope my question makes sense. It concerns Guix grub UEFI
> bootloaders.
> 
> I would like to understand to what extent Guix's functional approach
> helps to secure the computer with regard to an early boot malicious
> code/malware infection.
> 
> As far as I understand, Guix doesn't provide means to automatically
> sign bootloaders and kernels in order to use UEFI secure boot after
> each system reconfigure (assuming a PKI is properly implemented).
> Hence, using secure boot with Guix is currently not viable (am I
> correct?).
> 
> In this context, can I assume that the risk of not having secure boot
> is minimized by the fact that in each system reconfiguration, the
> early boot chain is overwritten in such a way that, if a malicious is
> introduced somehow, it will be also overwritten? Am I correct?
> 
> In addition, how much more difficult is it to introduce such
> malicious code in a Guix system given its functional approach and
> store system? (in comparison with other Linux distributions).
> 
> I know that Guix provides an amazing approach to secure the software
> supply chain, but I was wondering if not having secure boot can be
> considered a major drawback for Guix.
> 
> Best regards




