[conspire] (forw) Re: [Felton LUG] Oh boy, this doesn't look good...
Rick Moen
rick at linuxmafia.com
Mon Aug 3 13:04:56 PDT 2020
Quoting Tony Godshall (tony at of.net):
> Exactly. I understand the desire for the former, but realistically
> it's mostly been used for tivoization or windows-only-ization.
Of course. But the world is fully of potentially useful techniques that
are mostly put to undesirable uses.
If I were given a method to enforce a fully crypto-verified boot chain
where I control the signing, where the tools are reasonably designed,
and where I can opt to switch to an unsigned boot chain any time I want,
I'd be glad to have that, as one more part of my system I know has not
been fooled with, without my leave.
Similarly, if there were hardware write-protection for storage devices
(hard drives, SSDs, flash drives), like the write-protect jumper on old
SCSI drives, that would be a useful tool. The advantage is analogous.
OTOH, hardware-level write-protection not under the owner's control
(but rather, say, that of a hardware vendor or a software company) would
be quite bad. Again, analogous.
More information about the conspire
mailing list