
SecureBoot can't come soon enough

Posted Nov 22, 2012 15:52 UTC (Thu) by raven667 (subscriber, #5198)
In reply to: SecureBoot can't come soon enough by cesarb
Parent article: A rootkit dissected

> When SecureBoot is used, the kernel will disable loading modules, but you do not need SecureBoot to do so yourself.

Although without checking of the bootloader you could create a GRUB module which would inject code or silently enable module loading as the kernel booted so that a rootkit could persist. And even with SecureBoot and disabling of unsigned module loading you can still inject code into the kernel using any kernel vulnerability accessible from userspace and use that to load a module or enable module loading.

It's good that most of these rootkits are clearly made by amateurs; what would a Linux rootkit look like if it had the professional resources of cyber-weapons like Stuxnet or Flame?

SecureBoot can't come soon enough

Posted Nov 22, 2012 16:40 UTC (Thu) by nix (subscriber, #2304)

It would look invisible. :)

(Perhaps you're infected already! Look behind you!)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds