[conspire] (forw) Re: [Felton LUG] Oh boy, this doesn't look good...

[Ruben Safir]

On Thu, Jul 30, 2020 at 10:55:48AM -0700, Rick Moen wrote:
> Quoting Ruben Safir (ruben at mrbrklyn.com):
> 
> > 100% and that control is excersized by root.
> 
> If you control _when_ root is able to modify the boot chain, obviously
> you gain an additional degree of system protection, e.g., against
> interference by root-authority processes and persons messing with the
> boot chain without the owner's approval.  Again, this should be
> self-evident.


It is not self evident because when you apply a logical model to prblem,
adding cryptokeys fails to alter the logic or the function.

If the Root User has the Root Password, then he controls the computer
If the Root User has the Cyrpto Password, then he controls the computer

These are equal statements.


Putting another stitch in the chain that is controlled by the same
individial adds nothing but noise.

It is the same mathamtical function.

the individual who controls the root account controlls the access to the
cryptopassword...
nothing is gained.

The only thing that is gained is that someone OTHER than the human who
controls root can control the crypto chain, but that is not security, 
that is a business and extrotion model.

What made secure boot necessary was that they created an
enormous security vector with the new boot loader, which is essentailly
a stripped down version of the JAVA VM.  That now needs a new and
seperate secureity model, because it is a full blown turing device that
can play MicroSoft Pinball and FreeCell.  Without secureboot, you have
unfettered access to this mini-OS.  Now that is problematic to say the
least.  Fornutately, you generally need to have keyboard access to play
with it...but not necessarily.  There is no reason why the VM can't run
a network stack, if you can flash it with the right programming.


The cryptography that is so adamately requested for secureboot, can and
maybe should, be placed into a PAM module.