No signed kernel, just a signed boot loader
Posted Jun 25, 2012 21:00 UTC (Mon) by dashesy
In reply to: No signed kernel, just a signed boot loader
Parent article: Details on Ubuntu's UEFI secure boot plan
If they alter Windows userspace then the malware checking code that's started before any other userspace will notice.
Sure, it should not be hard to fool malware-checking code into believing that nothing has been tinkered with; otherwise we could already have perfect anti-malware, but we do not.
If a Windows user space program can be changed, Windows registry hives would be the target. The registry, among other things, controls many aspects of the NT kernel and some drivers, and maybe secure boot itself.
BTW, I am not sure Microsoft can afford to stop its superusers from changing the registry, because in the practical world one will most likely need it.