[linux-elitists] Surveillance

Greg KH greg at kroah.com
Sun Sep 8 11:43:21 PDT 2013


On Sun, Sep 08, 2013 at 07:40:48PM +0200, Eugen Leitl wrote:
> On Sun, Sep 08, 2013 at 09:52:38AM -0700, Greg KH wrote:
> 
> > > A particular brand of notebook that takes coreboot, and where
> > > the proprietary blob-needing parts are physically removed, and 
> > > only hardware added that is supported by purely open source 
> > > drivers.
> > > 
> > > I'm sorry to be so vague, but have my reasons.
> > 
> > I don't believe you.  Seriously, I don't.  You really have a way to
> > "remove" the keyboard controller?  What about your USB host controller?
> > Oh, you are using PS/2?  What about the firmware in that controller
> > chip?  The microcode in the processor?
> 
> Obviously the modifications are not quite as radical, and are an attempt
> to reduce the attack surface, especially one for remote exploits.

Reducing the attack surface is great, but that's not what was asked
about here...

> > Open drivers aren't the real issue.  Hardware you can "trust" is.
> 
> I agree we need open, trustable hardware. But we're not there yet.

I'd argue that you never will be, you will always be behind the curve
here due to the nature of the hardware business model.  Specific
example, what about 40Gbit network adapters?  10Gbit?  1Gbit?  How far
back on the curve of current hardware capabilities do you have to go to
get "open" hardware?

> Meanwhile, we can reduce the number of weak points that are exploitable.
> Worse is better works.

I agree, but again, that wasn't what you claimed.

> > As you don't trust anyone, why should I trust you?
> 
> Sorry, I can't disclose any further details on a
> public mailing list. Can I use 0x6092693E or
> do you have a better key I can reach you with? 

6092693E is not for communication, it's a signing key (yeah, I left on
the encrypted portion, and didn't just generate a signing key, my fault,
sorry.)  My other "communication" key is on the keyservers, it should be
easy to find if you want to use it.

But how can you know to trust it, and me?  :)

greg k-h

