[ale] OT: micro mini nano PC
Boris Borisov
bugyatl at gmail.com
Thu Feb 4 17:10:38 EST 2016
We went away from topic anyway. Why not one more :)
http://fossbytes.com/running-this-little-command-in-linux-can-kill-some-laptops-permanently/
On Feb 1, 2016 11:05 AM, "Phil Turmel" <philip at turmel.org> wrote:
> On 02/01/2016 10:33 AM, Steve Litt wrote:
> > On Mon, 01 Feb 2016 06:25:42 +0300
> > damon at damtek.com wrote:
>
> >> Well, actually, its to protect against a blue pill exploits where a
> >> hypervisor "lifts" the OS off of the hardware and at that time the OS
> >> does not know it is virtualized and the exploiter has complete,
> >> uncontested control and access to the OS. In theory it is OS agnostic
> >> and has been proofed in the lab. I don't know of any wild exploits.
> >
> > Like so many other things, this is a tradeoff. Yes, secure boot
> > protects from an exploit below the level of the OS, and might be the
> > only practical way to do so. On the other hand, it restricts you to
> > software possessing a key that costs money. Worse, a key signed by
> > Microsoft.
> >
> > No problem: The purchaser gets to leave it on or turn it off. Oops, not
> > any more. Hardware manufacturers can choose to remove the on/off
> > switch, and worse yet, that on/off switch *never* appears on their
> > specification sheets, so you guess and return. Or more likely, many
> > people are assimilated into the Redhat SuSE Debian Ubuntu conglomerate.
>
> But if you *do* have a mobo with configurable secure boot, you can
> replace the certificates with your own, then sign your own kernels.
> Then *nothing* will run before your OS on that box.
>
> http://kroah.com/log/blog/2013/09/02/booting-a-self-signed-linux-kernel/
>
> Phil
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20160204/76c274fb/attachment.html>
More information about the Ale
mailing list