Re: secure boot


From: Josselin Poiret
Subject: Re: secure boot
Date: Tue, 23 Aug 2022 09:42:35 +0200

Hi Antonio,

Antonio Carlos Padoan Junior <acpadoanjr@yahoo.com.br> writes:

> Can we imagine signing the kernel outside the guix layer, I mean,
> directly into the store without using guix commands? I understand this
> would break conceptually the Guix functional characterization, and it is
> not very "clean". But despite these points, any other side effects expected?

This subject has been discussed a bit in the past.  My opinion on what
you're suggesting is that:
* We should not modify the store in place.  This is bound to create problems
for the user, because we'd be breaking the Guix guarantees.

* You could sign it out of the store.  Basically, something like `sign
/gnu/store/xxxxxx-bzImage > /boot/bzImage_signed`.  However, this poses
problems with generations, since either we prohibit loading older
generations, which is a huge step backwards, or we sign all of the older
generations as well, which will take a non-negligible amount of space.
In that case, we'd also need to keep track of the different signed
kernels that are sitting in /boot to be able to clean them up when the
generations are deleted.

It's not an easy problem unfortunately, and the number of people whose
threat model requires such a thing is slim, hence the lack of work in
that direction.

Best,
-- 
Josselin Poiret
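The second option above, signing each generation's kernel out of the store and cleaning the signed copies up when generations are deleted, is mostly a bookkeeping problem. The following is an added example (not Guix code and not something from this thread) that reconciles a directory of signed kernels with the live system generations. It assumes, as constructed conventions, that generations are the usual `/var/guix/profiles/system-<N>-link` symlinks, that each one exposes its kernel image at `<generation>/kernel/bzImage` in the store, that signed copies are kept under `/boot/signed/`, and that `sbsign` from sbsigntools (with `--key`, `--cert`, `--output`) does the actual signing with a key pair at assumed paths. Naming the signed copy after the store hash means generations that share the same kernel (the common case after a reconfigure that did not touch the kernel) share one signed file, which keeps the space cost down; that is this example's choice, not the thread's.

```python
"""Reconcile out-of-store signed kernels with live Guix system generations.

Added example, not part of Guix.  Assumed conventions:
  - generations are /var/guix/profiles/system-<N>-link symlinks
  - <generation>/kernel/bzImage resolves to /gnu/store/<hash>-.../bzImage
  - signed copies live at /boot/signed/<hash>-bzImage.signed
  - signing is done by `sbsign --key KEY --cert CERT --output OUT IN`
"""
import os
import re
import subprocess

PROFILES_DIR = "/var/guix/profiles"        # assumption: Guix system profiles
SIGNED_DIR = "/boot/signed"                # assumption: where signed copies go
SB_KEY = "/etc/secureboot/db.key"          # assumption: Secure Boot db key
SB_CERT = "/etc/secureboot/db.crt"         # assumption: matching certificate

# Store hashes use the nix-base32 alphabet (no e, o, t, u), 32 characters.
STORE_HASH = re.compile(r"^/gnu/store/([0-9abcdfghijklmnpqrsvwxyz]{32})-")


def signed_path(kernel):
    """Map a store kernel path to its signed copy, keyed by store hash."""
    m = STORE_HASH.match(kernel)
    if not m:
        raise ValueError(f"not a store path: {kernel}")
    return os.path.join(SIGNED_DIR, m.group(1) + "-bzImage.signed")


def plan(generations, present, key=SB_KEY, cert=SB_CERT):
    """Compute what to sign and what to delete.

    generations: {generation_number: store path of that generation's bzImage}
    present:     set of signed-copy paths currently in SIGNED_DIR
    Returns (sign_commands, paths_to_remove).  Two generations that use the
    same kernel map to the same signed copy, so it is signed only once.
    """
    wanted = {signed_path(k): k for k in generations.values()}
    to_sign = [
        ["sbsign", "--key", key, "--cert", cert, "--output", out, src]
        for out, src in sorted(wanted.items())
        if out not in present
    ]
    to_remove = sorted(p for p in present if p not in wanted)
    return to_sign, to_remove


def current_generations(profiles_dir=PROFILES_DIR):
    """Read live generations from the filesystem (real Guix layout assumed)."""
    gens = {}
    for name in os.listdir(profiles_dir):
        m = re.match(r"^system-(\d+)-link$", name)
        if m:
            bz = os.path.join(profiles_dir, name, "kernel", "bzImage")
            gens[int(m.group(1))] = os.path.realpath(bz)
    return gens


def present_signed(signed_dir=SIGNED_DIR):
    """Signed copies that currently exist on disk."""
    if not os.path.isdir(signed_dir):
        return set()
    return {os.path.join(signed_dir, f) for f in os.listdir(signed_dir)}


def reconcile(execute=False):
    """Sign missing kernels and remove orphans; dry run unless execute=True."""
    to_sign, to_remove = plan(current_generations(), present_signed())
    for cmd in to_sign:
        print("would run:" if not execute else "running:", " ".join(cmd))
        if execute:
            os.makedirs(SIGNED_DIR, exist_ok=True)
            subprocess.run(cmd, check=True)
    for path in to_remove:
        print("would remove:" if not execute else "removing:", path)
        if execute:
            os.remove(path)
    return to_sign, to_remove


if __name__ == "__main__":
    reconcile(execute=False)   # dry run; pass execute=True to apply
```

Run it after `guix system reconfigure` and after `guix system delete-generations`; the dry run prints the `sbsign` invocations and the orphaned signed copies before anything is touched. The bootloader entries for each generation still have to point at the signed copy rather than the store path, which this example does not handle.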