LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A UEFI secure boot and TianoCore info page

A UEFI secure boot and TianoCore info page

Posted Jul 17, 2012 17:43 UTC (Tue) by Lennie (subscriber, #49641)
In reply to: A UEFI secure boot and TianoCore info page by Baylink
Parent article: A UEFI secure boot and TianoCore info page

One thing it is useful for, as I understand it, is as a UEFI developer environment.

Also, we have 2 siutations:

The BIOS/firmware checks the OS-kernel, bootloader and driver at boot to see if they have not been tempered with.

The hypervisor or similair software running the VM checks the OS-kernel, bootloader and drivers of the VM at startup of the VM to see if they have not been tempered with.

How would it be less secure ?

I'm not aware of the OS (running on the bare metal or in the VM) checking the firmware and bootloader too. If that was true, then yes the VM could probably be fooled.

If there was some mechanism for the VM to check it's environment. You could obviously sign the firmware/BIOS, OS-kernel, bootloader, drivers and the hypervisor and the OS-kernel, drivers and bootloader of the VM too.

In that case I wouldn't be surprised if some vendor would eventually do it, maybe even with TPM-support who knows.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds