<p dir="ltr">We went away from topic anyway. Why not one more :)</p>
<p dir="ltr"><a href="http://fossbytes.com/running-this-little-command-in-linux-can-kill-some-laptops-permanently/">http://fossbytes.com/running-this-little-command-in-linux-can-kill-some-laptops-permanently/</a></p>
<div class="gmail_quote">On Feb 1, 2016 11:05 AM, "Phil Turmel" <<a href="mailto:philip@turmel.org">philip@turmel.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 02/01/2016 10:33 AM, Steve Litt wrote:<br>
> On Mon, 01 Feb 2016 06:25:42 +0300<br>
> <a href="mailto:damon@damtek.com">damon@damtek.com</a> wrote:<br>
<br>
>> Well, actually, its to protect against a blue pill exploits where a<br>
>> hypervisor "lifts" the OS off of the hardware and at that time the OS<br>
>> does not know it is virtualized and the exploiter has complete,<br>
>> uncontested control and access to the OS. In theory it is OS agnostic<br>
>> and has been proofed in the lab. I don't know of any wild exploits.<br>
><br>
> Like so many other things, this is a tradeoff. Yes, secure boot<br>
> protects from an exploit below the level of the OS, and might be the<br>
> only practical way to do so. On the other hand, it restricts you to<br>
> software possessing a key that costs money. Worse, a key signed by<br>
> Microsoft.<br>
><br>
> No problem: The purchaser gets to leave it on or turn it off. Oops, not<br>
> any more. Hardware manufacturers can choose to remove the on/off<br>
> switch, and worse yet, that on/off switch *never* appears on their<br>
> specification sheets, so you guess and return. Or more likely, many<br>
> people are assimilated into the Redhat SuSE Debian Ubuntu conglomerate.<br>
<br>
But if you *do* have a mobo with configurable secure boot, you can<br>
replace the certificates with your own, then sign your own kernels.<br>
Then *nothing* will run before your OS on that box.<br>
<br>
<a href="http://kroah.com/log/blog/2013/09/02/booting-a-self-signed-linux-kernel/" rel="noreferrer" target="_blank">http://kroah.com/log/blog/2013/09/02/booting-a-self-signed-linux-kernel/</a><br>
<br>
Phil<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>