Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unsafe usb boot of iso files without integrity verification #1886

Open
arhabd opened this issue Jan 14, 2025 · 4 comments
Open

unsafe usb boot of iso files without integrity verification #1886

arhabd opened this issue Jan 14, 2025 · 4 comments

Comments

@arhabd
Copy link
Contributor

arhabd commented Jan 14, 2025

Is your feature request related to a problem? Please describe.
When i want to boot into live debian i cant due to no detached signature

Describe the solution you'd like
a menu option similare to the normal unsafe boot but for usb devices ie no security checks that iso is safe

Describe alternatives you've considered
currently i swap bios when debian live is needed

Additional context
this might be a band aid solution for #1320
@tlaurion
Copy link
Collaborator

tlaurion commented Jan 15, 2025
edited
Loading

I answered in detail under this matrix channel thread.

I didn't understand why this is requested per that discussion thread.
Proper solution pseudocode under #1438 (comment)

@tlaurion
Copy link
Collaborator

I answered in detail under this matrix channel thread.

I didn't understand why this is requested per that discussion thread. Proper solution pseudocode under #1438 (comment)

CC @arhabd

@tlaurion
Copy link
Collaborator

@JonathonHall-Purism agrees unsafe booting of unverified probably corrupted iso files is a desired feature at #1438 (comment)

@tlaurion tlaurion changed the title unsafe usb boot unsafe usb boot of iso files without integrity verification Jan 15, 2025
@arhabd
Copy link
Contributor Author

arhabd commented Jan 16, 2025

replying and quoting some messages from matrix here on github for documentation as requested by @tlaurion

I'm a bit confused reading this issue about distros not providing detached signed isos and what generic instructions are missing for you to actually sign those isos yourself without needing Heads to change?

I'm not sure why I should implement a unsafe (and unsecure and really often reported to Heads problems ) because ISO is actually either broken by download and where no integrity validation would result in Heads receiving reports because of user error or bad/cheap USB thumb drive or mismanipulations.

I am not enticed myself into creating code that will result in more issues opened under Heads. Which would resolve in more time involvement on my side that would result into
"Your ISO seems broken, have you verified the checksums provided by the distrubution and upstream instructions"
I'm really not looking into dealing with this, are you?

i think the issue is less about how i should go about things but more in regards to how i cant go about things i am well aware that i could sign the iso but the issue is more that i feel i shouldnt have to if i am aware of the issues that might bring such as your examples about corrupted isos or maybe even malicous isos it should still be an option maybe at compile time to choose to enable this unsafe usb boot so only people who self compiled heads can even be presented with this option that should mitigate your worries about issues from non technical users that dont verify the hash or what not

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tlaurion @arhabd