
UEFI secure boot kernel restrictions


Posted Nov 8, 2012 16:13 UTC (Thu) by alonz (subscriber, #815)
Parent article: UEFI secure boot kernel restrictions

> It's not exactly clear why Microsoft would make a distinction between a
> kernel exploit and using legitimate kernel services when making a
> blacklisting decision [...]

Actually the explanation is quite simple: if a compromise is the result of a kernel exploit, Microsoft can expect (and/or demand) a bug fix – and revoke the key only if the vendor misbehaves. If the compromise is a "feature" of the product, this is vendor misbehavior by definition.

(I see the same at work, quite a lot—I architect security systems; this kind of behavior is built into the legalese of many certification processes.)



UEFI secure boot kernel restrictions

Posted Nov 8, 2012 16:25 UTC (Thu) by jake (editor, #205)

> if a compromise is the result of a kernel exploit, Microsoft can
> expect (and/or demand) a bug fix

and that's fine from a certification standpoint, i suppose, but i don't really see how it changes the attack picture. that signed kernel with a known exploit still exists, so it can still be used as an attack vector.

jake

UEFI secure boot kernel restrictions

Posted Nov 8, 2012 16:33 UTC (Thu) by pjones (guest, #31722)

No - in the case that it's being exploited, they'll issue DBX updates that ban that specific kernel's hash, and shim will honor DBX.
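
The hash-based revocation described in the comment above, as an added example that is not part of the thread and is not shim's code: it walks concatenated `EFI_SIGNATURE_LIST` structures, the format the UEFI specification uses for `dbx`, and checks a digest against the SHA-256 entries. Assumptions: the input is raw signature-list bytes (the efivarfs `dbx` file with its 4 attribute bytes removed), the caller supplies the image digest (real `dbx` entries hold the Authenticode PE digest, for which a flat SHA-256 stands in here), and all function names and sample values are constructed for illustration.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def parse_sha256_entries(blob):
    """Return the SHA-256 digests found in concatenated EFI_SIGNATURE_LISTs."""
    digests = set()
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        body = blob[off + 28 + hdr_size: off + list_size]
        if sig_size < 16 or len(body) % sig_size:
            raise ValueError("bad SignatureSize")
        if sig_type == EFI_CERT_SHA256 and sig_size == 16 + 32:
            for i in range(0, len(body), sig_size):
                # each EFI_SIGNATURE_DATA is a 16-byte owner GUID plus the digest
                digests.add(body[i + 16: i + sig_size])
        off += list_size  # lists of other types (e.g. X.509) are skipped
    return digests

def is_revoked(image_digest, dbx_blob):
    return image_digest in parse_sha256_entries(dbx_blob)

def build_list(sig_type, owner, entries):
    """Build one EFI_SIGNATURE_LIST; used only to construct the sample data."""
    sig_size = 16 + len(entries[0])
    body = b"".join(owner.bytes_le + e for e in entries)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body

# Constructed sample data: no value here comes from a real dbx update
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
BANNED = hashlib.sha256(b"constructed kernel with a known exploit").digest()
FIXED = hashlib.sha256(b"constructed kernel with the fix").digest()
SAMPLE_DBX = (build_list(EFI_CERT_X509, OWNER, [b"\x30\x82 constructed cert"])
              + build_list(EFI_CERT_SHA256, OWNER, [BANNED, bytes(32)]))

if __name__ == "__main__":
    print("exploitable kernel revoked:", is_revoked(BANNED, SAMPLE_DBX))
    print("fixed kernel revoked:", is_revoked(FIXED, SAMPLE_DBX))
```
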

UEFI secure boot kernel restrictions

Posted Nov 8, 2012 18:46 UTC (Thu) by faramir (subscriber, #2327)

The whole idea of UEFI secure boot and Linux seems to have started as an ease (possibility?) of use issue rather than due to a strong desire to improve Linux security. That's not to say that people working on this don't also desire to improve Linux security. Just that that might not be their primary concern.

UEFI secure boot kernel restrictions

Posted Nov 8, 2012 20:23 UTC (Thu) by pjones (guest, #31722)

Yeah, it's fair to say we weren't planning on spending the 5 or so man-years we've spent on Secure Boot implementing it until we found out that we absolutely had to.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds