Re: [GIT PULL] Load keys from signed PE binaries

[Matthew Garrett]

On Mon, Feb 25, 2013 at 08:43:59PM -0800, Linus Torvalds wrote:
> On Mon, Feb 25, 2013 at 8:23 PM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote:
> >
> > If the user has explicitly enrolled a hash then they're stepping outside
> > the trust model.
> 
> This is the kind of totally bogus crap that no sane person should ever
> spout. Stop it.
> 
> If the user has explicitly enrolled a hash, then that should be the
> *primary* trust model, dammit. That should be very much what you
> should care about first and foremost, and that should be your goal in
> life. That's when the user says "I'm in control of my own machine, and
> I want to trust *this*".

The user has stepped outside the original trust model ("I trust anything 
signed by Microsoft and only things signed by Microsoft") and into a new 
one ("I trust things that I say I trust"). That's a great thing for a 
user to do, but it also means that once the user's done it we don't need 
to give a fuck about what Microsoft think. They're irrelevant once the 
user's made that choice.

> It's not about "stepping outside of the trust model". Quite the
> reverse. It's about actually being *part* of the trust model, and
> taking control of your own machine. It's the *good* scenario. It's
> what you should encourage users to do.

I wholeheartedly agree.

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/