For security purposes, wouldn't it be enough for the mechanism to simply display... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

stcredzero on July 2, 2012 | parent | context | favorite | on: FSF recommendations for free OS distributions cons...

For security purposes, wouldn't it be enough for the mechanism to simply display a change in the signing status, and not restrict boot? This would allow for the detection of malware without restricting how people use their hardware.

Displaying or dismissing such a notification needs to be built into the hardware in such a way that the OS wouldn't be able to interfere. There should also be a read-only channel for applications running on the OS to access the signing status to enable security programs.

MichaelGG on July 2, 2012 [–]

It's pretty well agreed that notifying the user and allowing them to dismiss the notification is a useless security model.

stcredzero on July 3, 2012 | [–]

Which is why you also have the ability for security programs to access the same information.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact