Signed bootloader without verification?

Posted Jun 6, 2012 7:56 UTC (Wed) by Richard_J_Neill (subscriber, #23093)
Parent article: Fedora, secure boot, and an insecure future

Why can't we pay (once) for a signed bootloader which just boots Grub? Then Grub can chainload anything it wants. After all, a signed copy of Windows can still run unsigned applications from within Windows, so why not have a signed bootloader running an unsigned kernel?

From a UEFI perspective, that would be a major "security hole", but who gets to decide when a key is revoked? If there is a Microsoft vulnerability for a particular signature, doesn't MS get to be the one to decide to revoke the key?



Signed bootloader without verification?

Posted Jun 6, 2012 10:00 UTC (Wed) by jamesh (guest, #1159)

Matthew's article mentions that. If you have a version of Grub that can boot in a secure boot scenario but will run any kernel, then it can be used to subvert the system (e.g. create a new UEFI environment that claims to have secure boot enabled and then boot Windows with it).

While Windows 8 lets you run unsigned applications, it seems that it won't let you load unsigned drivers so that is a bit different to Grub running arbitrary kernels.
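As an added illustration of the chain-of-trust point jamesh makes above (this is example code written for this page, not from the thread, from GRUB, or from any real firmware): each boot stage is only as trustworthy as its willingness to verify the next stage, and the firmware's only lever against a "permissive" loader that loads anything is to put that loader's hash in the dbx deny-list. Signatures are modelled with HMAC-SHA256 under a constructed secret as a stand-in for the X.509/Authenticode signatures real UEFI firmware checks; the signer name, image bytes and all secrets are constructed for the example.

```python
"""Toy model of the UEFI Secure Boot chain of trust (db allow-list,
dbx deny-list, each stage verifying the image it loads).

Added example, not code from the LWN thread or any real project.
HMAC stands in for asymmetric signatures; the policy logic is the point.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


def digest(data: bytes) -> bytes:
    """Image hash, the identifier that dbx revocation entries use."""
    return hashlib.sha256(data).digest()


@dataclass
class Signer:
    """A signing authority. The secret stands in for a private key (assumption)."""
    name: str
    secret: bytes

    def sign(self, body: bytes) -> bytes:
        return hmac.new(self.secret, body, hashlib.sha256).digest()

    def verify(self, body: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(body), sig)


@dataclass
class Image:
    name: str
    body: bytes
    signer: Optional[str] = None
    sig: Optional[bytes] = None
    verifies_next: bool = True  # does this stage check what it loads?


@dataclass
class Firmware:
    db: Dict[str, Signer]                          # trusted signers
    dbx: Set[bytes] = field(default_factory=set)   # revoked image digests

    def check(self, img: Image) -> Tuple[bool, str]:
        """Secure Boot policy: dbx is consulted before db, as in real firmware."""
        if digest(img.body) in self.dbx:
            return False, "revoked (dbx)"
        if img.signer is None or img.signer not in self.db:
            return False, "unsigned or unknown signer"
        if img.sig is None or not self.db[img.signer].verify(img.body, img.sig):
            return False, "bad signature"
        return True, "signature ok"


def boot(fw: Firmware, chain: List[Image]) -> List[Tuple[str, bool, str]]:
    """Walk the chain. Firmware verifies the first stage; after that, each
    stage is verified only if the stage that loads it chooses to do so."""
    log: List[Tuple[str, bool, str]] = []
    prev: Optional[Image] = None
    for img in chain:
        if prev is None or prev.verifies_next:
            ok, why = fw.check(img)
        else:
            ok, why = True, f"loaded unverified by {prev.name}"
        log.append((img.name, ok, why))
        if not ok:
            break
        prev = img
    return log


def ran(log: List[Tuple[str, bool, str]]) -> List[str]:
    """Names of the stages that actually executed."""
    return [name for name, ok, _ in log if ok]


# Constructed actors: one trusted CA in db, one unsigned kernel image.
CA = Signer("example-uefi-ca", b"constructed-ca-secret")
KERNEL = Image("linux-unsigned", b"vmlinuz bytes (constructed)")


def signed_loader(name: str, body: bytes, verifies_next: bool) -> Image:
    return Image(name, body, CA.name, CA.sign(body), verifies_next)


def scenario(verifying_loader: bool, revoke_loader: bool = False):
    """Boot a CA-signed GRUB then the unsigned kernel under the given policy."""
    body = b"grub verifying build" if verifying_loader else b"grub permissive build"
    grub = signed_loader("grub", body, verifies_next=verifying_loader)
    fw = Firmware(db={CA.name: CA})
    if revoke_loader:
        fw.dbx.add(digest(grub.body))   # the only remedy once it has shipped
    return boot(fw, [grub, KERNEL])


if __name__ == "__main__":
    for label, log in [("verifying loader", scenario(True)),
                       ("permissive loader", scenario(False)),
                       ("permissive loader, revoked", scenario(False, True))]:
        print(f"{label}: ran {ran(log)}; last verdict: {log[-1][2]}")
```

With a verifying loader the signed GRUB runs and the unsigned kernel is refused. With a permissive loader the same unsigned kernel runs with Secure Boot nominally still on, which is exactly why such a loader would not stay signed for long: the only fix is a dbx entry for its hash, after which the firmware refuses it before the kernel question even arises.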

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds