mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-02-03 23:40:14 +08:00
Xingyu Wang
parent
093e8fb896
commit
c4f75f8fd4
@ -0,0 +1,93 @@
|
||||
[#]: subject: "Secure Boot Disabled? GNOME Will Soon Warn You About it!"
|
||||
[#]: via: "https://news.itsfoss.com/gnome-secure-boot-warning/"
|
||||
[#]: author: "Anuj Sharma https://news.itsfoss.com/author/anuj/"
|
||||
[#]: collector: "lujun9972"
|
||||
[#]: translator: "wxy"
|
||||
[#]: reviewer: "wxy"
|
||||
[#]: publisher: "wxy"
|
||||
[#]: url: "https://linux.cn/article-14892-1.html"
|
||||
|
||||
如果禁用了安全启动,GNOME 就会发出警告
|
||||
======
|
||||
|
||||
> GNOME 正计划通知用户其固件安全状态,来保护不安全的硬件。
|
||||
|
||||
|
||||
|
||||
当你在支持 UEFI 的电脑上安装 Linux 时,你必须禁用“<ruby>安全启动<rt>Secure Boot</rt></ruby>”,因为启用该选项后,不能使用<ruby>现场 USB<rt>Live USB</rt></ruby> 启动。
|
||||
|
||||
一些主流的 Linux 发行版支持安全启动,但对于许多其他发行版(以及板载的 Nvidia 硬件)来说,它的设置仍然具有挑战性。
|
||||
|
||||
虽然一年又一年,情况似乎并没有改善,但总的来说,安全启动是一个必不可少的保护功能。
|
||||
|
||||
因此,正如 [Phoronix][1] 所发现的,为了方便和让用户意识到这一点,GNOME 和红帽的开发者正在努力在安全启动被禁用时通知(或警告)用户。
|
||||
|
||||
### 它有什么用?
|
||||
|
||||
UEFI/安全启动被批评为 DRM,因为它剥夺了用户的自由。开源社区的许多人仍然不赞同实施 UEFI/安全启动和 TPM,因为它带来了不便。这就催生了像 [Coreboot][2] 这样的项目在开源世界中蓬勃发展。
|
||||
|
||||
当然,如果你每天都用 Linux,我会建议你购买支持 Coreboot 的新硬件,这是一个不同的故事。
|
||||
|
||||
话虽如此,但可以肯定的是,安全启动是最简单的方法。
|
||||
|
||||
考虑到捆绑的专有固件,安全启动的安全性仍然值得商榷。但是,它是一个确保系统的固件安全的基本保护机制。
|
||||
|
||||
所以,开发者准备在启动闪屏([Plymouth][3])、GNOME 显示管理器(GDM)和 GNOME 控制中心显示警告。
|
||||
|
||||
![图片来源:GNOME 博客][4]
|
||||
|
||||
GNOME 的一位开发者在 [博客文章][5] 中分享了它的更多细节,同时给出了其中的一些屏幕截图。
|
||||
|
||||
![][6]
|
||||
|
||||
一位来自红帽的开发者在 [合并请求][7] 中提到。
|
||||
|
||||
> 安全启动被用来对付一些恶意软件试图感染系统的固件的安全威胁。用户可能会无意中禁用或软件可能会有意禁用安全启动。因此,配置不正确的话,系统就运行在一个不安全的平台上。如果启动闪屏能向用户提供一个警告,用户可以重新启动并重新配置他们的系统,或者立即寻求帮助。
|
||||
|
||||
所以,作为一个 GNOME 用户,当它进入 GNOME 43 的最终版本或任何未来的版本时,我乐于看到它所带来的变化。
|
||||
|
||||
如果你也想看看,你可以在 GNOME 控制中心的“<ruby>隐私<rt>Privacy</rt></ruby>”标签下的“<ruby>设备安全<rt>Device Security</rt></ruby>”部分找到这个选项,如下图所示,我的机器在 Arch Linux 上运行 GNOME 43 alpha。
|
||||
|
||||
![][8]
|
||||
|
||||
该菜单还可以显示 TPM、英特尔 BootGuard 和 IOMMU 保护的细节。
|
||||
|
||||
![][9]
|
||||
|
||||
看来我的系统并不像我想象的那么安全……但也许这就是这个功能的意义所在?
|
||||
|
||||
如果你只在你的 Linux 发行版上使用 UEFI 模式,并且为了方便而关闭了安全保护功能,这能让你意识到这一点吗?
|
||||
|
||||
有可能。但是,看看 Linux 发行版的状况和启用安全启动的问题。我不觉得这可能会是一个大问题。我们很快就会知道了。
|
||||
|
||||
### 如何禁用这个警告?
|
||||
|
||||
正如在 GNOME Gitlab 的 [合并请求][10] 中提到的,在你的内核参数中添加 `sb-check=false` 就可以禁用这些警告。
|
||||
|
||||
不过,作为终端用户,你不需要担心这个问题。
|
||||
|
||||
你对即将在 GNOME 43 或更高版本中增加的这个功能有什么看法?你对 UEFI/安全启动有什么看法?
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://news.itsfoss.com/gnome-secure-boot-warning/
|
||||
|
||||
作者:[Anuj Sharma][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[wxy](https://github.com/wxy)
|
||||
校对:[wxy](https://github.com/wxy)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://news.itsfoss.com/author/anuj/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://www.phoronix.com/news/GNOME-Secure-Boot-Warning
|
||||
[2]: https://www.coreboot.org/
|
||||
[3]: https://gitlab.freedesktop.org/plymouth
|
||||
[4]: https://news.itsfoss.com/wp-content/uploads/2022/08/gnome-secure-boot-mockup.png
|
||||
[5]: https://blogs.gnome.org/hughsie/2022/07/29/emulated-host-profiles-in-fwupd/
|
||||
[6]: https://news.itsfoss.com/wp-content/uploads/2022/08/boot-security.png
|
||||
[7]: https://gitlab.freedesktop.org/plymouth/plymouth/-/merge_requests/176
|
||||
[8]: https://news.itsfoss.com/wp-content/uploads/2022/07/secure-boot-gnome.png
|
||||
[9]: https://news.itsfoss.com/wp-content/uploads/2022/07/secure-boot-gnome1.png
|
||||
[10]: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2333
|
||||
@ -1,89 +0,0 @@
|
||||
[#]: subject: "Secure Boot Disabled? GNOME Will Soon Warn You About it!"
|
||||
[#]: via: "https://news.itsfoss.com/gnome-secure-boot-warning/"
|
||||
[#]: author: "Anuj Sharma https://news.itsfoss.com/author/anuj/"
|
||||
[#]: collector: "lujun9972"
|
||||
[#]: translator: " "
|
||||
[#]: reviewer: " "
|
||||
[#]: publisher: " "
|
||||
[#]: url: " "
|
||||
|
||||
Secure Boot Disabled? GNOME Will Soon Warn You About it!
|
||||
======
|
||||
|
||||
When you install Linux on your UEFI-enabled computer, you have to disable _Secure Boot_ because the live USB will refuse to boot with the option enabled.
|
||||
|
||||
Some mainstream Linux distributions support Secure Boot, but it is still challenging to set up for many other distributions (and with Nvidia hardware onboard).
|
||||
|
||||
While things may not have improved over the years, Secure Boot is an essential protection feature in general.
|
||||
|
||||
So, for the sake of convenience and make users aware of it, GNOME and Red Hat developers are working on notifying (or warning) the user if **Secure Boot** is disabled, as spotted by [Phoronix][1].
|
||||
|
||||
### How is it Useful?
|
||||
|
||||
UEFI/Secure boot has been criticized for the DRM as it takes away the freedom from users. Many in the open source community still disagree with the implementation of UEFI/Secure Boot and TPM as it came as an inconvenience. This has given birth to projects like [Coreboot][2], flourishing in the open-source world.
|
||||
|
||||
Of course, I would advise you to purchase new hardware with Coreboot support if you daily drive Linux, which is a different story.
|
||||
|
||||
That said, it is safe to mention that Secure Boot is the easy way out.
|
||||
|
||||
Secure Boot’s security is still debatable, considering the proprietary firmware bundled. But, it is a fundamental protection mechanism to secure the system’s firmware.
|
||||
|
||||
So, the developers are preparing to show the warnings in [Plymouth][3] (boot splash screen), **GNOME Display Manager** (GDM), and **GNOME Control Center**.
|
||||
|
||||
![Image Credits: GNOME Blog][4]
|
||||
|
||||
One of the GNOME developers shared more details on it in a [blog post][5] while sharing some of these screenshots.
|
||||
|
||||
![][6]
|
||||
|
||||
A **Red Hat developer** mentions in the [merge request][7]:
|
||||
|
||||
> Secure boot is used against several security threats when malware tries to infect the firmware of the system. Users may inadvertently disable or software may intentionally disable the secure boot. Consequently, the system is running on an insecure platform with incorrect configuration. If Plymouth could offer a warning to the user, the user could reboot and reconfigure their system or asks for help immediately.
|
||||
|
||||
So, as a GNOME user, I think it should be interesting to see the difference it makes when it gets to the final release of GNOME 43 or any future releases.
|
||||
|
||||
If you are curious, you can find this option under the **Device Security** section of the **Privacy** tab in GNOME Control Center, as shown in the screenshot below of my system running GNOME 43 alpha on Arch Linux:
|
||||
|
||||
![][8]
|
||||
|
||||
The menu can also show TPM, Intel BootGuard, and IOMMU protection details:
|
||||
|
||||
![][9]
|
||||
|
||||
It seems my system is not as secure as I thought… But maybe that’s the point of this feature?
|
||||
|
||||
If you only used UEFI mode with your Linux distribution and had the protection features disabled for convenience, _could this make you aware of it?_
|
||||
|
||||
Probably. But, looking at the state of Linux distributions and the issues with enabling secure boot. I’m not confident if it would be that big of a deal. We shall find out soon.
|
||||
|
||||
### How to Disable the Warnings?
|
||||
|
||||
As mentioned in the [merge request][10] on GNOME Gitlab, adding `sb-check=false` to your kernel parameters will disable all these warnings.
|
||||
|
||||
You do not need to worry about it as an end-user, though.
|
||||
|
||||
_What do you think about this upcoming feature addition to GNOME 43 or later? What is your opinion about UEFI/Secure Boot?_
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://news.itsfoss.com/gnome-secure-boot-warning/
|
||||
|
||||
作者:[Anuj Sharma][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://news.itsfoss.com/author/anuj/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://www.phoronix.com/news/GNOME-Secure-Boot-Warning
|
||||
[2]: https://www.coreboot.org/
|
||||
[3]: https://gitlab.freedesktop.org/plymouth
|
||||
[4]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjUxOSIgd2lkdGg9IjYxMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
|
||||
[5]: https://blogs.gnome.org/hughsie/2022/07/29/emulated-host-profiles-in-fwupd/
|
||||
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjM1MiIgd2lkdGg9IjEwMjQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmVyc2lvbj0iMS4xIi8+
|
||||
[7]: https://gitlab.freedesktop.org/plymouth/plymouth/-/merge_requests/176
|
||||
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjcwOCIgd2lkdGg9IjEwMjQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmVyc2lvbj0iMS4xIi8+
|
||||
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjY3MiIgd2lkdGg9IjYyMiIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
|
||||
[10]: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2333
|
||||
Loading…
Reference in New Issue
Block a user