LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Signed bootloader without verification?

Signed bootloader without verification?

Posted Jun 6, 2012 10:00 UTC (Wed) by jamesh (guest, #1159)
In reply to: Signed bootloader without verification? by Richard_J_Neill
Parent article: Fedora, secure boot, and an insecure future

Matthew's article mentions that. If you have a version of Grub that can boot in a secure boot scenario but will run any kernel, then it can be used to subvert the system (e.g. create a new UEFI environment that claims to have secure boot enabled and then boot Windows with it).

While Windows 8 lets you run unsigned applications, it seems that it won't let you load unsigned drivers so that is a bit different to Grub running arbitrary kernels.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds