User: Password:
Subscribe / Log in / New account

Taking it seriously

Taking it seriously

Posted Jun 2, 2012 3:48 UTC (Sat) by raven667 (subscriber, #5198)
In reply to: Taking it seriously by gmaxwell
Parent article: Implementing UEFI Secure Boot in Fedora

> I've explained why it can't do that at least on Fedora/Linux without signing a substantial hunk of userspace

I think you're expecting the cart to be in front of the horse. Of course you only have a trusted code path as far as you've implemented a trusted code path. There is no point in implementing the userspace or even kernel checking until the lower layers are done because you could always hide a persistant rootkit one layer down than what you are checking. Building on the secure boot framework, now that it exists, will allow the other checks to happen, but it is not that implementation.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds