Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment Could be Interesting (Score 1) 99

I'm fairly certain this will be more trouble to enforce than they are bargaining for, and may have some knock on negative side-effects.

However, assuming it isn't a complete failure and social media use is decreased substantially, it may provide some interesting independent data about childrens mental health and social media use.

Comment A lot of Misunderstanding Here (Score 3, Interesting) 786

I think a lot of folks here are missing the point. The trouble is that the kernel running in secure boot mode has to be able to receive signed keys in a secure way (if you think secure boot is worth anything, many do not).

Linux running in secure boot mode is a done deal. The question is how do you import keys that are signed by Microsoft. In an ideal world you'd just upload the signed X.509 cert and you'd be done. Unfortunately, Microsoft will only sign PE binaries.

So the developers opted to enclose the X.509 cert in a PE binary. Unfortunately, that means the kernel needs to be able to read the PE binary and verify the signature all in kernel space, then extract the x,509 cert. This is undeniably messy.

Now lots of folks will argue that there's no point to this and it should be done in user space. I'm not going ti argue with that, but the reality is that most of the mechanics of this are already implemented, just not the PE stuff. You can sign kernel modules and verify them in kernel space with x.509 certs (at least by my reading of the thread).

Frankly, I think this is pretty much the only thing to do short of talking MS into signing x509 certs. The other suggested work-arounds involve additional authorities or doing stuff in user space. They are all workable, but are pretty clumsy compared to what's being proposed.

I think it may have been a mistake to just drop this ugly change on Linus without his involvement. My guess is that if the problem had been stated before coming up with a proposed implementaon, they might have come up with essentially the same solution with less drama.

Slashdot Top Deals

The number of arguments is unimportant unless some of them are correct. -- Ralph Hartley

Working...