User: Password:
|
|
Subscribe / Log in / New account

UEFI secure boot kernel restrictions

UEFI secure boot kernel restrictions

Posted Nov 8, 2012 16:25 UTC (Thu) by jake (editor, #205)
In reply to: UEFI secure boot kernel restrictions by alonz
Parent article: UEFI secure boot kernel restrictions

> if a compromise is the result of a kernel exploit, Microsoft can
> expect (and/or demand) a bug fix

and that's fine from a certification standpoint, i suppose, but i don't really see how it changes the attack picture. that signed kernel with a known exploit still exists, so it can still be used as an attack vector.

jake


(Log in to post comments)

UEFI secure boot kernel restrictions

Posted Nov 8, 2012 16:33 UTC (Thu) by pjones (subscriber, #31722) [Link]

No - in the case that it's being exploited, they'll issue DBX updates that ban that specific kernel's hash, and shim will honor DBX.

UEFI secure boot kernel restrictions

Posted Nov 8, 2012 18:46 UTC (Thu) by faramir (subscriber, #2327) [Link]

The whole idea of UEFI secure boot and Linux seems to have started as an ease (possibility?) of use issue rather then due to a strong desire to improve Linux security. That's not to say that people working on this don't also desire to improve Linux security. Just that that might not be their primary concern.

UEFI secure boot kernel restrictions

Posted Nov 8, 2012 20:23 UTC (Thu) by pjones (subscriber, #31722) [Link]

Yeah, it's fair to say we weren't planning on spending the 5 or so man-years we've spent on Secure Boot implementing it until we found out that we absolutely had to.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds