but if you can make UEFI boot under a virtualization environment, doesn't that completely obviate the security it was supposed to provide in the first place?
A UEFI secure boot and TianoCore info page
Posted Jul 17, 2012 17:43 UTC (Tue) by Lennie (subscriber, #49641)
Also, we have 2 situations:
The BIOS/firmware checks the OS-kernel, bootloader and driver at boot to see if they have not been tampered with.
The hypervisor or similar software running the VM checks the OS-kernel, bootloader and drivers of the VM at startup of the VM to see if they have not been tampered with.
How would it be less secure?
I'm not aware of the OS (running on the bare metal or in the VM) checking the firmware and bootloader too. If that was true, then yes the VM could probably be fooled.
If there were some mechanism for the VM to check its environment, you could obviously sign the firmware/BIOS, OS-kernel, bootloader, drivers and the hypervisor and the OS-kernel, drivers and bootloader of the VM too.
In that case I wouldn't be surprised if some vendor would eventually do it, maybe even with TPM support, who knows.
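The two situations in the comment share one mechanism: whoever starts the system (the firmware on bare metal, the hypervisor for a VM) measures each boot component in order and refuses to hand off to anything it does not trust. The Python below is an added illustration of that check, not code from the comment, from LWN, or from TianoCore; the component images, the names `AUTHORIZED_DB` and `FORBIDDEN_DBX`, and the hash-based allow/deny lists are constructed stand-ins for a real firmware's signature database and revocation list.

```python
import hashlib
from typing import Iterable, List, Set, Tuple

# Constructed sample images: hypothetical stand-ins for real boot components.
BOOTLOADER = b"bootloader image v1"
KERNEL = b"kernel image v1"
DRIVER = b"storage driver v1"
TAMPERED_KERNEL = b"kernel image v1 + backdoor"   # constructed: a modified, revoked kernel
UNSIGNED_KERNEL = b"kernel image v2 (unsigned)"   # constructed: a build nobody has approved


def digest(image: bytes) -> str:
    """SHA-256 of a component image: the 'measurement' compared against db/dbx."""
    return hashlib.sha256(image).hexdigest()


# db: measurements the firmware (or hypervisor) trusts; dbx: measurements explicitly revoked.
AUTHORIZED_DB: Set[str] = {digest(BOOTLOADER), digest(KERNEL), digest(DRIVER)}
FORBIDDEN_DBX: Set[str] = {digest(TAMPERED_KERNEL)}


def verify_boot_chain(stages: Iterable[Tuple[str, bytes]],
                      db: Set[str], dbx: Set[str]) -> Tuple[bool, List[str]]:
    """Check each stage in boot order.

    The walk stops at the first stage that is revoked or unknown, mirroring
    firmware that refuses to execute an untrusted image: later stages are
    never even looked at, because control would never have reached them.
    Returns (boot_allowed, per-stage log).
    """
    log: List[str] = []
    for name, image in stages:
        h = digest(image)
        if h in dbx:                       # revoked: known-bad measurement
            log.append(f"{name}: REJECTED (hash in dbx)")
            return False, log
        if h not in db:                    # unknown: never approved
            log.append(f"{name}: REJECTED (hash not in db)")
            return False, log
        log.append(f"{name}: ok")
    return True, log


def clean_chain() -> List[Tuple[str, bytes]]:
    return [("bootloader", BOOTLOADER), ("kernel", KERNEL), ("driver", DRIVER)]


def tampered_chain() -> List[Tuple[str, bytes]]:
    return [("bootloader", BOOTLOADER), ("kernel", TAMPERED_KERNEL), ("driver", DRIVER)]


def unsigned_chain() -> List[Tuple[str, bytes]]:
    return [("bootloader", BOOTLOADER), ("kernel", UNSIGNED_KERNEL), ("driver", DRIVER)]


def demo() -> dict:
    """Run the same verifier in both roles from the comment.

    Situation 1: the firmware checks the host's own components.
    Situation 2: the hypervisor checks a guest's images before starting the VM.
    The guest never performs this check on itself; it only receives the verdict.
    """
    return {
        "host":        verify_boot_chain(clean_chain(), AUTHORIZED_DB, FORBIDDEN_DBX),
        "vm_clean":    verify_boot_chain(clean_chain(), AUTHORIZED_DB, FORBIDDEN_DBX),
        "vm_tampered": verify_boot_chain(tampered_chain(), AUTHORIZED_DB, FORBIDDEN_DBX),
        "vm_unsigned": verify_boot_chain(unsigned_chain(), AUTHORIZED_DB, FORBIDDEN_DBX),
    }


if __name__ == "__main__":
    for role, (allowed, log) in demo().items():
        print(f"{role}: {'BOOT' if allowed else 'HALT'}")
        for line in log:
            print("   ", line)
```

The verifier is deliberately the same function in both roles: what changes is who holds the databases and runs it, which is the comment's point that a VM checked by its hypervisor is no weaker than a host checked by its firmware. A tampered kernel is stopped by the revocation list and an unapproved build by the absence of an allow-list entry, and in both cases the driver stage is never reached.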
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds