[GTALUG] MP BIOS Toshiba - semi revival

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Wed Mar 18 14:34:42 UTC 2015 

On Wed, Mar 18, 2015 at 04:17:52AM -0400, R Russell Reiter wrote:
> I consider  security in mission critical environments to be a valid purpose and note that enterprise is not necessarily mission critical whereas national security is uniformly considered to be very critical.

If you want security, recompiling again and again is not a solution,
it is a risk.  Validating your binary with some kind of checksum would
be useful.  Sure you should compile it yourself from validated sources,
and then sign the result, and then leave it alone and just check the
signature each time you boot.

> LI technology has improved in the last ten years and its true those improvements were drive by markets rather than government or national interests but those interests can and will take advantage of those improvements.
> 
> Let me put it this way, would you deliberately not take advantage of a secure booting feature which  because of hardware and software improvements, works with little or no added overhead? 

Yes I would.  I despise secure boot.  It has its use in a few special
cases, but the wast majority of places it is being pushed is purely to
try and control peoples hardware.

Of course secure booting relies on signed binaries, and certainly does
NOT support recompiling the code each time you boot.

> You could do that as a matter of personal preference but in enterprise you would lose market share when your bank clients discover your system is not as secure as your competitors.
> 
> So you only compile your critical dependency system once at runtime and if and when you make hardware or other critical changes you do it again. There are valid reasons to harden systems and keep them hard. You got 82000 hrs spin time from one of your drives, that's a lot of times between boots.

There is no reason to trust your sources anymore than your precompiled
binary at boot time, hence recompiling is plain stupid and serves no
purpose.  You turn it from a problem of validating your binary, to one
of validating your compiler binary and your source code, and wasting a
lot of time every boot.  Compiling trusted code in a trusted environment
and then signing it and using secure boot to validate the signed binary
and running it does make sense, but compiling multiple times does not.

> I don't just pull this stuff out from under my hat you know, I do a lot of reading. Its just that I'm limited to the stuff that's not above my pay grade or not otherwise trade secrets.

Well it sure seems like you do a lot of the time.

-- 
Len Sorensen

More information about the talk mailing list