Garrett: Secure Boot and Restricted Boot [LWN.net]

Garrett: Secure Boot and Restricted Boot

Posted Apr 3, 2013 21:41 UTC (Wed) by paulj (subscriber, #341)
In reply to: Garrett: Secure Boot and Restricted Boot by raven667
Parent article: Garrett: Secure Boot and Restricted Boot

When the kernel is insecure, when user-space is unlikely to be any better, why on earth would a rootkit *need* to modify the firmware? **ALL** it needs to do is arrange for an exploit to run early during boot. That exploit needn't even involve modifying any system binaries, if it can just exploit a bug in reading some data (which there are surely plenty - how well do,e.g., config file parsers get tested for security bugs?).

A "Secure" boot of utterly insecure software is meaningless.

to post comments

Garrett: Secure Boot and Restricted Boot

Posted Apr 3, 2013 22:08 UTC (Wed) by raven667 (subscriber, #5198) [Link]

That is one opinion, but the kernel and userspace will never be any better or more secure than they are today and some people aren't willing to just throw up their hands and accept insecurity as the normal state of affairs without trying to do something about it. What you describe is correct, an exploit can be driven from config read during early boot, or attacker supplied code that exploits the system but the attack surface of config parsers is fairly small and well defined while the point where attacker supplied code can be run can be pushed later and later in the boot process via nested signature checking. Even in the case of an thoroughly compromised system the update process can be blocked but not modified so that the holes can be closed as they are found, leaving a working system which can be more reliably cleaned. Secure Boot gives you a small beachhead with which you have the opportunity to retake control of your system from a remote attacker, nothing more.