| |||||||||||||
UEFI secure boot kernel restrictionsUEFI secure boot kernel restrictionsPosted Nov 9, 2012 18:41 UTC (Fri) by mathstuf (subscriber, #69389)In reply to: UEFI secure boot kernel restrictions by hummassa Parent article: UEFI secure boot kernel restrictions
> And *that* is the *impossible* proposition, because to do anything useful the initramfs has to has *some* vulnerability.
I'd like a clarification here: initramfs has to have a vulnerability because of:
- what it does; or
This seems like an important distinction to me, but I'm also unfamiliar with what initramfs actually does or needs to do at a detailed level.
(Log in to post comments)
UEFI secure boot kernel restrictions Posted Nov 10, 2012 1:34 UTC (Sat) by hummassa (subscriber, #307) [Link]
> - it does so much that *something* it calls is ~100% likely to have *some* vulnerability; or
that's the one :-D
UEFI secure boot kernel restrictions Posted Nov 10, 2012 2:04 UTC (Sat) by raven667 (subscriber, #5198) [Link]
Well you have to presume the kernel has some vulnerabilities but you can control what code calls into the kernel, at least for very early boot when the system is still being set up. Anything that has a fixed function can get signatures and be solidified, the problems come in when you have to run arbitrary code which is outside the users ability to audit.
|
|||||||||||||