LWN.net

Garrett: Why UEFI secure boot is difficult for Linux


Posted Jan 18, 2012 17:50 UTC (Wed) by drag (subscriber, #31333)
In reply to: Garrett: Why UEFI secure boot is difficult for Linux by Kit
Parent article: Garrett: Why UEFI secure boot is difficult for Linux

They won't get their keys added.

What you'll have to do is take advantage of "custom mode" to allow a user/installer to use their own keys. This mode is described in the kernel.

As far as 'boot loader' malware, it's not rare to install data into the MBR to make it easier for your virus (or whatever) to re-infect a machine.

The latest Windows malware I have had the misfortune to run into latched itself into the NT kernel's block driver stack at the lowest level. It had the capability of creating new subvolumes on the root file system and installing itself to that. This little trick meant that even formatting the file system and re-installing Windows wasn't enough to get rid of it permanently (although it was not clear if it could somehow re-install itself in a new installation. I doubt that would be possible unless it hooked into the MBR or something like that).



Garrett: Why UEFI secure boot is difficult for Linux

Posted Jan 18, 2012 17:57 UTC (Wed) by drag (subscriber, #31333)

> This mode is described in the kernel.

uck. I meant "This mode is described in the article".

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds