LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Other long term problems

Other long term problems

Posted Jun 7, 2012 11:45 UTC (Thu) by lemmings (subscriber, #53618)
In reply to: Other long term problems by dgm
Parent article: Fedora, secure boot, and an insecure future

> To help us calibrate how real the threat is, can you please give an actual (non theoretical) example?

Secure boot is the foundation for protecting the entire boot sequence.

Right now, if my Linux machine has init (or equivalent), the kernel, grub (or equivalent) or any other software used in the boot sequence modified by malware, then I am screwed. It could be very difficult to nearly impossible to detect the compromise.

A secure boot enabled system will result in a compromised system failing to boot (assuming all software in the boot sequence chain has its signature checked).

(Log in to post comments)

Other long term problems

Posted Jun 7, 2012 13:43 UTC (Thu) by dgm (subscriber, #49227) [Link]

We all understand the theory, thanks. What I was (and still am) asking for is a _real_ example. Surely, If Microsoft is pushing this so hard it has to be because customers are clamoring at they doors with their compromised systems in their hands, no?

Other long term problems

Posted Jun 7, 2012 19:13 UTC (Thu) by apoelstra (subscriber, #75205) [Link]

I don't think you're going to find a real example, because as the parent post said, it would be next-to-impossible to detect a compromised kernel even if one was out there.

But I do think that Microsoft has people bugging them for peace-of-mind. For example, for the most part I keep a pretty careful eye on what's installed on my system and what it does, but I have only a vague idea of what the kernel and systemd are doing, and what they should be allowed to do. So I don't actually know if they're legitimate.

Now, my system is weird and useless enough that I don't worry about these things, but if it was storing customer information, subject to PCI audits, facing the Internet, etc, I would worry.

Other long term problems

Posted Jun 14, 2012 3:03 UTC (Thu) by slashdot (guest, #22014) [Link]

I predict that it will boot fine using the Awesome Genuine Trusted Signed Bootloader and Kernel, and then also happily run the malware from /etc/init, $HOME/.config/autostart, or similar.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds