A few things I'm wondering after reading this article, maybe someone could clarify for me...
Kernel modules - If I'm understanding this part correctly, the issue is that loading unsigned modules would be a security risk? If that's the case, couldn't Linux simply whitelist some necessary unsigned modules, such as nvidia and vmware, while refusing to load any others?
Key distribution - What exactly differentiates, say, Mint from Ubuntu, such that it would need a different key? At what point has a distro diverged to where it needs to have its own key? Is there some way a single "GNU Linux OS" key could be registered for all distributions?
Custom mode - Would it be unfair to assume that organizations planning to install Linux across thousands of workstations would choose to only buy hardware that allows for unattended installs? The market would seem to dictate this, even if the UEFI spec doesn't.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Date: 2012-02-16 06:31 am (UTC)