Code signing & signed kernels.

Alain De Vos

Alain De Vos

Do singed kernels are more secure than unsinged? Or do they give a real or false fealing of security ? Or are "loaders" taking over.
Just like position independent code i feel signing kernels does not much inprove security.
(To write a virus I would use javascript in a pdf file and then hide in the Recycler.bin of an NTFS filesystem.)
 
Kernels are signed now? I fail to understand your question, there's only one FreeBSD kernel.

Ah, offtopic forum. Not talking about Linux again I guess? ;)
 
So I return to freebsd.
There is periodic, there is a check for files with setuid and a mail to root.
pkg check -sa
Is this worth-full or not ?
 
¿Do you mean secure boot?

FreeBSD UEFI Secure Boot | FreeBSD Foundation

1. Introduction Secure boot provides a way to ensure that only authorized EFI binaries are loaded by a computer's firmware. This ensures that no malicious code can run before the operating system is loaded. This document describes one method of securing FreeBSD's boot process. FreeBSD's regular...
freebsdfoundation.org freebsdfoundation.org

On my PCs I disable it, I remember it being controversial when it was introduced in Windows but never bothered to read more about it.
 
The BIOS in my HP PC thinks I only use Windows. :)
I don't even want to upgrade the BIOS because then I need to first install Windows , upgrade the BIOS, change video cards, configure bios, and then change video cards back. It's a form of vendor-lock-in. By making stuff complicated. I use legacy-boot.
 
Alain De Vos said:
The BIOS in my HP PC thinks I only use Windows. :)
I don't even want to upgrade the BIOS because then I need to first install Windows , upgrade the BIOS, change video cards, configure bios, and then change video cards back. It's a form of vendor-lock-in. By making stuff complicated. I use legacy-boot.
Click to expand...
I have encountered several HP computers that do not play well with FreeBSD UEFI boot. It is better to stay with legacy BIOS boot and to not worry about secure boot on them.
 
You must log in or register to reply here.
Back
Top