True, but if secure boot relies on some sort of access controls or file protection (applied by the NT kernel), any root access to the file system can be used to circumvent the integrity of the entire system. The OS kernel alone is not interesting. Malware can, for example, add its root certificate and set a startup service to install a driver on the next boot; there are probably some more creative ways to achieve the same thing.
Posted Jun 25, 2012 23:01 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
No it can't. Device drivers (and other critical system code) have to be signed.
No signed kernel, just a signed boot loader
Posted Jun 25, 2012 23:22 UTC (Mon) by dashesy (subscriber, #74652)
I am assuming malware is running under a legitimate Linux kernel (with no bugs), messing with the Windows partition with full access rights. So something like DISABLE_INTEGRITY_CHECKS in boot.ini no longer works on Windows 8? Also, root can no longer use CertMgr to add a custom certificate for custom-signed drivers?
My point is that, with the complexity of NT, by having root access to those bits and bytes the attack surface is so tremendous that there is probably no need to have an unsigned Linux kernel.
No signed kernel, just a signed boot loader
Posted Jun 25, 2012 23:27 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
> I am assuming malware is running under a legitimate Linux kernel (with no bugs), messing with the Windows partition with full access rights. So something like DISABLE_INTEGRITY_CHECKS in boot.ini no longer works on Windows 8? Also, root can no longer use CertMgr to add a custom certificate for custom-signed drivers?
Nope. Neither DISABLE_INTEGRITY_CHECKS nor installing your own certificates will work if secure boot is enabled.
Drivers have to be signed by MS's certificate to be installable.
> My point is that, with the complexity of NT, by having root access to those bits and bytes the attack surface is so tremendous that there is probably no need to have an unsigned Linux kernel.
There will be vulnerabilities, of course. But MS took care to close all the obvious loopholes.
No signed kernel, just a signed boot loader
Posted Jun 25, 2012 23:27 UTC (Mon) by mjg59 (subscriber, #23239)
DISABLE_INTEGRITY_CHECKS no longer works unless you disable secure boot. Ditto any custom certificates.
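Since every answer above hinges on whether Secure Boot is actually enforcing, the first thing to establish on a machine (for instance from the Linux side in dashesy's scenario) is the state of the firmware's SecureBoot and SetupMode variables. The following is an added example, not code from the thread or from any of the posters: it parses the efivarfs representation of those two variables (a 4-byte little-endian attribute word followed by the variable payload) and reports whether the firmware is enforcing, disabled, or still in setup mode, where the key databases can be rewritten and nothing is enforced. The efivarfs path and the EFI global variable GUID are the standard ones; the byte strings used as samples are constructed for illustration.

```python
"""Report UEFI Secure Boot state from efivarfs.

Added example, not from the LWN thread. Assumes a Linux system with
efivarfs mounted at /sys/firmware/efi/efivars (the usual location).
"""
import struct
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
# EFI_GLOBAL_VARIABLE_GUID, the GUID under which SecureBoot and SetupMode live.
GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efivar(raw):
    """Split an efivarfs file into (attributes, payload).

    efivarfs prefixes the variable data with a 4-byte little-endian
    attribute word (e.g. 0x6 = BOOTSERVICE_ACCESS | RUNTIME_ACCESS).
    """
    if len(raw) < 4:
        raise ValueError("efivar too short: %d bytes" % len(raw))
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4:]


def boolean_var(raw):
    """SecureBoot and SetupMode are one-byte variables holding 0 or 1."""
    _, payload = parse_efivar(raw)
    if len(payload) != 1:
        raise ValueError("expected a 1-byte variable, got %d bytes" % len(payload))
    return payload[0] == 1


def secure_boot_state(secure_boot_raw, setup_mode_raw):
    """Return 'enforcing', 'disabled' or 'setup-mode' for the two raw efivars."""
    enforcing = boolean_var(secure_boot_raw)
    setup = boolean_var(setup_mode_raw)
    if setup:
        # In setup mode the PK is absent; db/dbx can be replaced without
        # authentication, so SecureBoot=0 here does not mean "merely off".
        return "setup-mode"
    return "enforcing" if enforcing else "disabled"


def read_var(name, guid=GLOBAL_GUID):
    """Read one efivarfs file; raises FileNotFoundError on non-UEFI systems."""
    return (EFIVARS / f"{name}-{guid}").read_bytes()


# Constructed sample payloads (attributes 0x6 + one data byte), for the
# demonstration below; they are not captured from real firmware.
SAMPLE_ENFORCING = (b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00")
SAMPLE_DISABLED = (b"\x06\x00\x00\x00\x00", b"\x06\x00\x00\x00\x00")
SAMPLE_SETUP = (b"\x06\x00\x00\x00\x00", b"\x06\x00\x00\x00\x01")

if __name__ == "__main__":
    for label, pair in (("sample enforcing", SAMPLE_ENFORCING),
                        ("sample disabled", SAMPLE_DISABLED),
                        ("sample setup", SAMPLE_SETUP)):
        print(label, "->", secure_boot_state(*pair))
    try:
        print("this machine ->",
              secure_boot_state(read_var("SecureBoot"), read_var("SetupMode")))
    except FileNotFoundError:
        print("this machine -> no efivars (not booted via UEFI, or efivarfs not mounted)")
```

Note that the result reflects what the firmware reports at runtime; a firmware that lies, or a bootloader that rewrites these variables after ExitBootServices, is outside what this check can see.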
No signed kernel, just a signed boot loader
Posted Jun 26, 2012 6:45 UTC (Tue) by slashdot (guest, #22014)
How about just installing a Windows service or putting something in the Startup folder or CurrentVersion\Run or /etc/init or .config/autostart in Linux, etc.?
Will anything prevent that software from starting and then going full screen and imitating the normal Windows GUI while behaving arbitrarily at the discretion of the malware writer?
If they block any autostart of non-Microsoft-signed programs, they'll break a ton of existing setups, while otherwise secure boot will provide no security whatsoever.
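The persistence locations slashdot lists are exactly the ones a responder enumerates when a signed kernel and signed drivers turn out to be intact but the session is still misbehaving. The following is an added example, not code from the thread or from any poster: it walks the XDG autostart directories named in the post (~/.config/autostart and the system-wide /etc/xdg/autostart), parses each .desktop entry, and flags entries whose Exec= program lives in a user-writable location or is resolved through PATH rather than by absolute path. The set of trusted prefixes and the sample .desktop contents are constructed assumptions for illustration; the Windows equivalents (Startup folder, CurrentVersion\Run, services) would need the registry and service APIs and are not covered here.

```python
"""Enumerate XDG autostart entries and flag suspicious Exec= targets.

Added example, not from the LWN thread. Assumes a Linux desktop session
that honours the XDG autostart directories.
"""
import shlex
from pathlib import Path

# Directories a session manager reads for autostart entries (user first, then system).
AUTOSTART_DIRS = [Path.home() / ".config" / "autostart", Path("/etc/xdg/autostart")]

# Assumed package-managed locations; anything else is worth a look.
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/lib/", "/usr/libexec/", "/bin/", "/sbin/")
# Assumed user-writable locations where persistence commonly hides.
WRITABLE_PREFIXES = (str(Path.home()) + "/", "/tmp/", "/var/tmp/", "/dev/shm/")


def parse_desktop_entry(text):
    """Return the keys of the [Desktop Entry] group as a dict (other groups ignored)."""
    entry = {}
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry


def exec_program(entry):
    """First word of Exec= (the program); %f/%u style field codes are just later words."""
    try:
        argv = shlex.split(entry.get("Exec", ""))
    except ValueError:
        return None
    return argv[0] if argv else None


def assess_entry(entry):
    """Classify one entry as (verdict, program)."""
    if entry.get("Hidden", "false").lower() == "true":
        return ("disabled", None)          # spec: Hidden=true means "treat as absent"
    prog = exec_program(entry)
    if prog is None:
        return ("no-exec", None)
    if not prog.startswith("/"):
        return ("path-lookup", prog)       # resolved via PATH at login; PATH may be tampered
    if prog.startswith(WRITABLE_PREFIXES):
        return ("user-writable", prog)
    if prog.startswith(TRUSTED_PREFIXES):
        return ("trusted-prefix", prog)
    return ("other", prog)


def scan_autostart(dirs=AUTOSTART_DIRS):
    """Return [(path, verdict, program)] for every .desktop file in dirs."""
    findings = []
    for d in dirs:
        if not d.is_dir():
            continue
        for f in sorted(d.glob("*.desktop")):
            verdict, prog = assess_entry(parse_desktop_entry(f.read_text(errors="replace")))
            findings.append((str(f), verdict, prog))
    return findings


# Constructed sample entries (not captured from a real system).
SAMPLE_BENIGN = "[Desktop Entry]\nType=Application\nName=nm-applet\nExec=/usr/bin/nm-applet\n"
SAMPLE_HIDDEN = "[Desktop Entry]\nType=Application\nName=old\nExec=/usr/bin/old\nHidden=true\n"
SAMPLE_SUSPECT = "[Desktop Entry]\nType=Application\nName=Updater\nExec=/tmp/.x/updater --quiet %u\n"

if __name__ == "__main__":
    for text in (SAMPLE_BENIGN, SAMPLE_HIDDEN, SAMPLE_SUSPECT):
        print(assess_entry(parse_desktop_entry(text)))
    for path, verdict, prog in scan_autostart():
        print(f"{verdict:15} {prog!s:40} {path}")
```

A verdict of user-writable or path-lookup is a lead, not a conviction: plenty of legitimate user-installed tools autostart from $HOME. What the scan gives you is the short list to inspect by hand, which is the point slashdot is making: nothing in the boot chain prevents these entries from existing.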
No signed kernel, just a signed boot loader
Posted Jun 26, 2012 13:29 UTC (Tue) by mjg59 (subscriber, #23239)
Windows starts the malware checking code before it launches any other userspace.
No signed kernel, just a signed boot loader
Posted Jun 25, 2012 23:12 UTC (Mon) by mjg59 (subscriber, #23239)
Yes, so it's a good thing that secure boot doesn't rely on that. Really, commenting on this without at least skimming the spec does not further the discussion.