I disagree. They depend on different cryptographic primitives.
Video discs hold encrypted content. In order to be useful to the end-user, the decryption key needs to be available somehow to the disc player. Skimming over a few levels of complexity, it is that decryption key (or the means to it) that was uncovered in DVDs and Bluray discs.
In this case, the system's security is based on signatures, not encryption. It uses asymmetric keys, not symmetric. The public key is released as part of the certificate, but the private key is not needed for end-user functionality. It is only needed to create the signatures, not check them for validity. As long as the vendor keeps the private key secure, it's foolproof, as it is mathematically impractical to forge a signature through brute force with typical key lengths.
In practice, companies fail in security all the time. Witness Diginotar. They essentially had their private key stolen due to their horrendous security practices. If BIOS vendors become the primary gatekeeper for preventing Linux from running on certain machines, they can expect to be the primary targets for black-hats looking for those private keys.
Remember Palladium? Then NGSCB and Trusted Computing? Microsoft has been trying to solve this "problem" for many years. Through TPMs and Intel's TXT, it is finally becoming a reality for them. That it makes loading Linux difficult is just a beneficial side effect for them.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Is it just me?
Date: 2011-09-21 01:51 pm (UTC)Video discs hold encrypted content. In order to be useful to the end-user, the decryption key needs to be available somehow to the disc player. Skimming over a few levels of complexity, it is that decryption key (or the means to it) that was uncovered in DVDs and Bluray discs.
In this case, the system's security is based on signatures, not encryption. It uses asymmetric keys, not symmetric. The public key is released as part of the certificate, but the private key is not needed for end-user functionality. It is only needed to create the signatures, not check them for validity. As long as the vendor keeps the private key secure, it's foolproof, as it is mathematically impractical to forge a signature through brute force with typical key lengths.
In practice, companies fail in security all the time. Witness Diginotar. They essentially had their private key stolen due to their horrendous security practices. If BIOS vendors become the primary gatekeeper for preventing Linux from running on certain machines, they can expect to be the primary targets for black-hats looking for those private keys.
Remember Palladium? Then NGSCB and Trusted Computing? Microsoft has been trying to solve this "problem" for many years. Through TPMs and Intel's TXT, it is finally becoming a reality for them. That it makes loading Linux difficult is just a beneficial side effect for them.