[GTALUG] MP BIOS Toshiba - semi revival
R. Russell Reiter
rreiter91 at gmail.com
Wed Mar 18 14:46:07 UTC 2015
On March 18, 2015 10:34:42 AM EDT, Lennart Sorensen <lsorense at csclub.uwaterloo.ca> wrote:
>On Wed, Mar 18, 2015 at 04:17:52AM -0400, R Russell Reiter wrote:
>> I consider security in mission critical environments to be a valid
>> purpose and note that enterprise is not necessarily mission critical
>> whereas national security is uniformly considered to be very critical.
>
>If you want security, recompiling again and again is not a solution,
>it is a risk. Validating your binary with some kind of checksum would
>be useful. Sure you should compile it yourself from validated sources,
>and then sign the result, and then leave it alone and just check the
>signature each time you boot.
>
>> LI technology has improved in the last ten years and it's true those
>> improvements were driven by markets rather than government or national
>> interests but those interests can and will take advantage of those
>> improvements.
>>
>> Let me put it this way, would you deliberately not take advantage of
>> a secure booting feature which because of hardware and software
>> improvements, works with little or no added overhead?
>
>Yes I would. I despise secure boot. It has its use in a few special
>cases, but the vast majority of places it is being pushed is purely to
>try and control people's hardware.
>
>Of course secure booting relies on signed binaries, and certainly does
>NOT support recompiling the code each time you boot.
>
>> You could do that as a matter of personal preference but in
>> enterprise you would lose market share when your bank clients discover
>> your system is not as secure as your competitors.
>>
>> So you only compile your critical dependency system once at runtime
>> and if and when you make hardware or other critical changes you do it
>> again. There are valid reasons to harden systems and keep them hard.
>> You got 82000 hrs spin time from one of your drives, that's a lot of
>> times between boots.
>
>There is no reason to trust your sources any more than your precompiled
>binary at boot time, hence recompiling is plain stupid and serves no
>purpose. You turn it from a problem of validating your binary, to one
>of validating your compiler binary and your source code, and wasting a
>lot of time every boot. Compiling trusted code in a trusted environment
>and then signing it and using secure boot to validate the signed binary
>and running it does make sense, but compiling multiple times does not.
>
>> I don't just pull this stuff out from under my hat you know, I do a
>> lot of reading. It's just that I'm limited to the stuff that's not above
>> my pay grade or not otherwise trade secrets.
>
>Well it sure seems like you do a lot of the time.
--
Sent via K-9 Mail.
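The "compile once in a trusted environment, sign the result, verify the signature on every boot" model argued for above, as an added Go example that is not part of the original thread. The key pair, the sample "binary" bytes and the function names are constructed here; the point it shows is that the boot-time check needs only the public key and the stored signature, and that any rebuilt binary whose bytes differ (non-reproducible builds, changed sources, a tampered image) fails that check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignArtifact is the one-time build-and-sign step run in the trusted
// build environment: it signs a SHA-256 digest of the produced binary.
func SignArtifact(priv ed25519.PrivateKey, binary []byte) []byte {
	digest := sha256.Sum256(binary)
	return ed25519.Sign(priv, digest[:])
}

// VerifyAtBoot is what the boot path runs every time. It needs no
// compiler and no sources, only the public key, the binary image and
// the signature stored alongside it.
func VerifyAtBoot(pub ed25519.PublicKey, binary, sig []byte) bool {
	digest := sha256.Sum256(binary)
	return ed25519.Verify(pub, digest[:], sig)
}

// SignOnceVerifyEachBoot models the thread's scenario with constructed
// data: the signed build verifies on every boot, a rebuilt image (same
// source, different bytes) does not. Returns (signedOK, rebuiltOK).
func SignOnceVerifyEachBoot() (bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	signedBuild := []byte("kernel-image built 2015-03-18 in trusted env") // constructed
	sig := SignArtifact(priv, signedBuild)                                  // done once

	rebuilt := []byte("kernel-image built 2015-03-19 on the target host") // constructed

	signedOK := VerifyAtBoot(pub, signedBuild, sig) && VerifyAtBoot(pub, signedBuild, sig) // boot 1, boot 2
	rebuiltOK := VerifyAtBoot(pub, rebuilt, sig)
	return signedOK, rebuiltOK, nil
}

func main() {
	signedOK, rebuiltOK, err := SignOnceVerifyEachBoot()
	fmt.Println("signed build verifies:", signedOK, "rebuilt image verifies:", rebuiltOK, "err:", err)
}
```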