Re: Cryptoloop patch for builtin default passphrase
From: Valdis . Kletnieks
Date: Mon Oct 25 2004 - 14:19:09 EST
On Mon, 25 Oct 2004 19:23:35 BST, Paulo Marques said:
> (why would you need confidential information to boot in the first place?)
The problem is not that the info in the NVRAM is "confidential",
but that most of it is "configuration".
Really sucks if you recable your SCSI controllers, the default boot disk
changes from controller 4, device 5, to controller 2, device 3 - and you
have to go and re-cable the OLD way, find the rescue CD, and fix /etc/fstab
so that you can boot in the same config that you installed the software?
Either that, or forever lose the use of "default boot device", and
have to specify it on every single boot if you want the software to work.
That *really* sucks if it's a rack-mount in a colo, you need to get physical
access to reboot....
> No it is not. You would just type in again *if* the contents of nvram
> got lost which shouldn't happen in the first place (or at least happen
> rarely).
So you change IRQ9 from level to edge trigger, or change "default boot order"
from "floppy, cd, hard drive" to "floppy, cd, hard drive, network", and
suddenly your software evaporates?
That certainly violates the Principle of Least Surprise, and why I asked
if it was an intended effect.
Attachment:
pgp00000.pgp
Description: PGP signature