[ Trimming some quoting! ]
On Tue, Jun 04, 2019 at 11:17:09AM -0400, Francois Ozog wrote:
On Tue, 4 Jun 2019 at 10:57, Ard Biesheuvel ard.biesheuvel@linaro.org
Yes, that makes sense. But the problem is that UEFI secure boot does not support this model. An image is considered valid if it authenticates against any of the keys in db. And any key in KEK can sign updates to db and dbx. And today's current practice is to include Microsoft keys in both KEK and db.
I have argued time and time again that this is entirely broken as a security model. Any db update that Microsoft has ever signed can be applied to my brand new arm64 system (unless it has been blacklisted explicitly, and my vendor has bothered to ship with an up to date dbt)
I am perfectly happy to reopen that debate as well, by the way :-)
Is it correct to say that Msft could revoke selective keys and prevent the boot of selected devices? If true, in the current geopolitical context, I would assume this is not acceptable... and distros may not have the final word here as it may be regulatory constraints or customer requirement.
Technically yes, but actually updating the revocation and blacklists is quite rare. It would be up to the user (or some user-enabled software) to take the updates.
Cheers,
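The db/KEK/dbx trust model discussed in the thread, as an added illustration (not code from the thread or from any firmware): a constructed Python model where HMAC tags stand in for the real X.509/Authenticode signatures, showing that an image is accepted if any db key verifies it, that any KEK key can append to db, and that only an explicit dbx entry blocks the result. All key names and the image bytes are made up.

```python
import hashlib
import hmac

# Constructed stand-in for UEFI's certificate-based signing: a key is a
# (name, secret) tuple and a signature is an HMAC-SHA256 tag. Real firmware
# checks PKCS#7/Authenticode signatures against X.509 certs, but the
# authorization policy modelled below is the one the thread describes.
def make_key(name: str) -> tuple:
    return (name, hashlib.sha256(name.encode()).digest())  # demo secret

def sign(key: tuple, data: bytes) -> bytes:
    return hmac.new(key[1], data, hashlib.sha256).digest()

def verify(key: tuple, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), sig)

def _encode_keys(keys) -> bytes:
    # Canonical bytes for a db update payload so it can be signed once.
    return b"\n".join(n.encode() + b":" + s.hex().encode() for n, s in sorted(keys))

class Platform:
    def __init__(self, kek, db, dbx=()):
        self.kek = list(kek)   # keys allowed to sign db/dbx updates
        self.db = list(db)     # keys whose signatures make an image bootable
        self.dbx = set(dbx)    # forbidden image hashes (sha256 hex)

    def image_allowed(self, image: bytes, sig: bytes) -> bool:
        # Any single key in db suffices, unless the image hash is in dbx.
        if hashlib.sha256(image).hexdigest() in self.dbx:
            return False
        return any(verify(k, image, sig) for k in self.db)

    def apply_db_update(self, new_keys, sig: bytes) -> bool:
        # Any single key in KEK may authorize an append to db.
        if not any(verify(k, _encode_keys(new_keys), sig) for k in self.kek):
            return False
        self.db.extend(new_keys)
        return True

def demo() -> dict:
    ms_kek, ms_db = make_key("Microsoft KEK"), make_key("Microsoft UEFI CA")
    vendor_kek, vendor_db = make_key("Vendor KEK"), make_key("Vendor OEM CA")
    third_party = make_key("Third-party signer")
    # A board following current practice: Microsoft keys in both KEK and db.
    board = Platform(kek=[vendor_kek, ms_kek], db=[vendor_db, ms_db])
    # A db append signed once by the Microsoft KEK, for whatever platform...
    applied = board.apply_db_update([third_party], sign(ms_kek, _encode_keys([third_party])))
    # ...now makes an image signed by that third party bootable here as well.
    image = b"constructed EFI image"
    boots = board.image_allowed(image, sign(third_party, image))
    # Only an explicit dbx entry for the image hash stops it afterwards.
    board.dbx.add(hashlib.sha256(image).hexdigest())
    blocked = not board.image_allowed(image, sign(third_party, image))
    return {"applied": applied, "boots": boots, "blocked": blocked}
```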