LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

LSS: Secure Boot

LSS: Secure Boot

Posted Sep 13, 2012 23:51 UTC (Thu) by hummassa (subscriber, #307)
In reply to: LSS: Secure Boot by pjones
Parent article: LSS: Secure Boot

> If you choose to disable security features instead of putting that effort in, you'll not be able to take advantage of the added security.

You know, you kind of proved my point. There is NO added security, because you can always find another vulnerability in the kernel, and use that to escalate past the bootloader (like creating crafted restore-from-hibernation images) and people will act under the illusion that their systems have "added security" when they aren't, which, as I mentioned, diminishes the overall security. For instance, the crafted restore image could allow running unsigned or signed-by-the-malware-author executables or substitute key libraries.

And again, that is my point: "Secure Boot" == "fake security", which is far worse than "no security".

And worse yet: "Secure Boot" == "you are running a signed O.S. (with Defective by Design implications and I Can Phone Home and invade your privacy implications)" OR "you are running a signed (bla bla) but COMPROMISED by malware O.S."...

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds