Specifically, Microsoft's CA is designed to sign PE binaries that can be loaded as part of the UEFI boot process. This proposal involves wrapping an X.509 certificate inside a "false flag" UEFI binary in order to have it signed - as far as Microsoft is aware, they're signing a UEFI binary, but that's not how the file is going to be used - instead, it's going to be used as a container for an X.509 certificate that Linux will trust.
Say the private key for one of these embedded certificates escapes into the wild, or more simply the legitimate owner of the certificate uses it for nefarious purposes - will we really be able to convince Microsoft to revoke that signature or blacklist the PE binary? Remember that the PE binary that Microsoft signed can't itself be used to directly subvert the UEFI boot process - the executable portion of it is only a stub - but it *can* be used to subvert Linux systems. Will Microsoft care, or will they just say that the bug is in the fact that we're loading a certificate from that binary, when that isn't what it's for?
As a further objection, there's no reason why the Microsoft signature should be trusted by the Linux kernel for loading modules. Yes - anyone who can get a Microsoft-signed certificate can have their bootloader trusted, but that presupposes that they were able to install their own malicious bootloader in the first place. It's a much lower bar to be able to attempt to load a module into a running kernel than rewrite the bootloader, so I don't think it's a good idea that anyone who can create a trusted bootloader should also be able to create trusted kernel modules.
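To make the "container" argument concrete, here is an added example (not code from the post quoted above, nor from the patch set it objects to). It builds a minimal PE32+ image whose only code is a one-instruction stub and whose payload is a DER blob in a separate data section, then parses it back the way a kernel that trusted "keys from a signed PE binary" would have to. The section name ".keylist", the placeholder DER bytes (not a real certificate) and the single `ret` stub are all assumptions made for the example; no Authenticode signature is produced or checked, the code only reports whether one is attached.

```python
"""Added example: a PE32+ 'carrier' for a certificate, built and parsed.
Assumptions (not from the original proposal): the '.keylist' section name,
the placeholder DER bytes and the one-byte code stub are invented here."""
import struct

FILE_ALIGN = 0x200
SECT_ALIGN = 0x1000

# IMAGE_SCN_* flags from the PE/COFF specification.
SCN_CNT_CODE = 0x00000020
SCN_CNT_INITIALIZED_DATA = 0x00000040
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000

# Constructed placeholder: a DER SEQUENCE holding INTEGER 1 and OCTET STRING
# "hello".  It is NOT an X.509 certificate, just the right outer shape.
FAKE_CERT_DER = b"\x30\x0a\x02\x01\x01\x04\x05hello"
STUB_CODE = b"\xc3"            # "the executable portion is only a stub": x86-64 ret
KEYLIST_SECTION = ".keylist"   # assumed carrier section name


def _align(n, a):
    return (n + a - 1) // a * a


def build_pe(sections):
    """Assemble a minimal PE32+ (EFI application subsystem) from
    (name, data, characteristics) tuples; unneeded header fields stay zero."""
    n = len(sections)
    size_of_headers = _align(64 + 4 + 20 + 240 + 40 * n, FILE_ALIGN)
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew -> "PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x8664, n, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)                             # PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B)            # Magic: PE32+
    struct.pack_into("<I", opt, 32, SECT_ALIGN)
    struct.pack_into("<I", opt, 36, FILE_ALIGN)
    struct.pack_into("<I", opt, 60, size_of_headers)
    struct.pack_into("<H", opt, 68, 10)              # IMAGE_SUBSYSTEM_EFI_APPLICATION
    struct.pack_into("<I", opt, 108, 16)             # NumberOfRvaAndSizes
    headers, body = b"", b""
    raw_ptr, rva, entry = size_of_headers, SECT_ALIGN, 0
    for name, data, chars in sections:
        raw_size = _align(len(data), FILE_ALIGN)
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                               len(data), rva, raw_size, raw_ptr, 0, 0, 0, 0, chars)
        body += data.ljust(raw_size, b"\0")
        if chars & SCN_CNT_CODE:
            entry = rva                              # entry point lands in the stub
        raw_ptr += raw_size
        rva += _align(max(len(data), 1), SECT_ALIGN)
    struct.pack_into("<I", opt, 16, entry)           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 56, rva)             # SizeOfImage
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers
    return image.ljust(size_of_headers, b"\0") + body


def parse_pe(pe):
    """Return (sections, cert_table): sections maps name -> (bytes, flags);
    cert_table is data directory 4 (Certificate Table), non-zero only when
    an Authenticode signature is attached to the file."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff_off = e_lfanew + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", pe, opt_off)[0]
    dd_base = opt_off + (112 if magic == 0x20B else 96)   # PE32+ vs PE32
    cert_table = struct.unpack_from("<II", pe, dd_base + 4 * 8)
    sections = {}
    for i in range(nsect):
        (name, vsize, _rva, raw_size, raw_ptr, _, _, _, _,
         chars) = struct.unpack_from("<8sIIIIIIHHI", pe, opt_off + opt_size + 40 * i)
        if raw_ptr + raw_size > len(pe):
            raise ValueError("section %r points past end of file" % name)
        data = pe[raw_ptr:raw_ptr + min(vsize, raw_size)]
        sections[name.rstrip(b"\0").decode()] = (data, chars)
    return sections, cert_table


def der_sequence_length(buf):
    """Total length (header included) of the outer DER SEQUENCE at buf[0]."""
    if not buf or buf[0] != 0x30:
        raise ValueError("section does not start with a DER SEQUENCE")
    first = buf[1]
    if first < 0x80:
        return 2 + first
    nbytes = first & 0x7F
    return 2 + nbytes + int.from_bytes(buf[2:2 + nbytes], "big")


def extract_certificate(pe, section=KEYLIST_SECTION):
    """Pull the DER blob out of the carrier section, refusing a code section."""
    sections, _ = parse_pe(pe)
    data, chars = sections[section]
    if chars & SCN_CNT_CODE:
        raise ValueError("certificate carrier section is marked as code")
    length = der_sequence_length(data)
    if length > len(data):
        raise ValueError("DER length exceeds section contents")
    return data[:length]


def audit_container(pe):
    """The facts the objection rests on: how little of the signed file is
    code, which sections merely carry data, and whether it is signed at all."""
    sections, (cert_off, cert_size) = parse_pe(pe)
    code = sum(len(d) for d, c in sections.values() if c & SCN_CNT_CODE)
    data = sum(len(d) for d, c in sections.values() if not c & SCN_CNT_CODE)
    carriers = sorted(n for n, (_, c) in sections.items() if not c & SCN_CNT_CODE)
    return {"code_bytes": code, "data_bytes": data,
            "signed": cert_off != 0 and cert_size != 0, "carrier_sections": carriers}


def build_keylist_container():
    """The 'false flag' binary: a ret stub plus a certificate-shaped payload."""
    return build_pe([(".text", STUB_CODE, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
                     (KEYLIST_SECTION, FAKE_CERT_DER, SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ)])


if __name__ == "__main__":
    image = build_keylist_container()
    print(audit_container(image))
    print(extract_certificate(image).hex())
```

Running it reports one byte of code against twelve bytes of carried data and `signed: False`, which is the shape of the object the post describes: something a CA would see as a (trivial) UEFI application, and a kernel would see as a key store. What the code cannot settle is the policy question in the last paragraph, whether a signature meant to authorise booting should be accepted as authorising module loading; the audit only exposes the facts that question turns on.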
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds