User: Password:
|
|
Subscribe / Log in / New account

No signed kernel, just a signed boot loader

No signed kernel, just a signed boot loader

Posted Jun 25, 2012 23:27 UTC (Mon) by mjg59 (subscriber, #23239)
In reply to: No signed kernel, just a signed boot loader by dashesy
Parent article: Details on Ubuntu's UEFI secure boot plan

DISABLE_INTEGRITY_CHECKS no longer works unless you disable secure boot. Ditto any custom certificates.


(Log in to post comments)

No signed kernel, just a signed boot loader

Posted Jun 26, 2012 6:45 UTC (Tue) by slashdot (guest, #22014) [Link]

How about just installing a Windows service or putting something in the Startup folder or CurrentVersion\Run or /etc/init or .config/autostart in Linux, etc.?

Will anything prevent that software from starting and then going full screen and imitating the normal Windows GUI while behaving arbitrarily at the discretion of the malware writer?

If they block any autostart of non-Microsoft-signed programs, they'll break a ton of existing setups, while otherwise secure boot will provide no security whatsoever.

No signed kernel, just a signed boot loader

Posted Jun 26, 2012 13:29 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

Windows starts the malware checking code before it launches any other userspace.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds