LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Garrett: Why UEFI secure boot is difficult for Linux

Garrett: Why UEFI secure boot is difficult for Linux

Posted Jan 18, 2012 20:31 UTC (Wed) by drag (subscriber, #31333)
In reply to: Garrett: Why UEFI secure boot is difficult for Linux by marm
Parent article: Garrett: Why UEFI secure boot is difficult for Linux

>As long as you have a security hole in the system, which allows anybody to get superuser rights, it matters very little if you are able to secure the boot process or not. If you do, any malware can still gain root privileges just after bootup and hide itself from all security scans.

Sorta.

IF the hole allows the attacking software to subvert the kernel very close to boot up (say before your anti-virus starts) then a secure boot is not going to help you.

This potential for 'runtime hole' is the significant flaw to the system.

But it still provides you a advantage over the malware in that you can do things like update your kernel to a newer version and still be able to trust it. So if you find out that you have a security hole in your kernel and manage to patch it then you get a good chance of defeating the malware. Especially if your kernel has some anti-malware features built into it.

> A real remedy to most common security problems would be locking down applications, not the kernel.

Yes, ideally, you will want to only run perfectly secure applications with perfectly secure configurations and be a perfectly competent administrator.. but we know that is not going to be possible.

So this means that you still have a problem of detecting compromised systems when they occur. Right now Linux does not a effective solution. Having a 'secure chain of trust' at boot up is not a total solution in itself, but I think it's a necessary component.

(Log in to post comments)

Garrett: Why UEFI secure boot is difficult for Linux

Posted Jan 18, 2012 23:04 UTC (Wed) by marm (guest, #53705) [Link]

When I want to detect a compromised system, I can easily boot a different system from a safe media. This is easy and much more reliable than relying on secure boot features.

> Yes, ideally, you will want to only run perfectly secure applications with perfectly secure configurations and be a perfectly competent administrator.. but we know that is not going to be possible.

Still, even insecure applications can be sandboxed by the system, so that the harm they can incur is very limited.

As long as remote malware is easily able to delete all my files or upload them on RapidShare due to buggy applications, I do not really care if the rest of the OS is compromised.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds