Garrett: Secure Boot and Restricted Boot [LWN.net]

Garrett: Secure Boot and Restricted Boot

Posted Apr 10, 2013 14:08 UTC (Wed) by mathstuf (subscriber, #69389)
In reply to: Garrett: Secure Boot and Restricted Boot by paulj
Parent article: Garrett: Secure Boot and Restricted Boot

> When the device is returned, the owner can wipe and re-install.

How do you know that you didn't just install to some malicious hypervisor? That's what Secure Boot helps with. With a blue pill virus, you have to wipe BIOS to be sure you are running what you installed. And if the user had full access, that's certainly a possibility.

to post comments

Garrett: Secure Boot and Restricted Boot

Posted Apr 10, 2013 20:30 UTC (Wed) by paulj (subscriber, #341) [Link]

Yes, "Secure Boot" would make "blue pill" harder, and provide a window during which to be able to detect OS subversion. However, you don't need "Secure Boot" to wipe & re-install - firmware usually provides a way to do this independent of any existing media.

If you say the firmware could be exploited then "Secure Boot" might not help either, if there is any unsigned, modifiable data that is parsed by the firmware. The firmware then may be as open to re-exploitation as the base OS.

Garrett: Secure Boot and Restricted Boot

Posted Apr 10, 2013 20:33 UTC (Wed) by paulj (subscriber, #341) [Link]

Oh, the Linux foundation shim loader should make blue pill attacks viable, even with "Secure Boot". So we'll see how long it stays signed and useable...

Garrett: Secure Boot and Restricted Boot

Posted Apr 10, 2013 21:36 UTC (Wed) by PaXTeam (guest, #24616) [Link]

> How do you know that you didn't just install to some malicious hypervisor?

hypervisors are trivial to detect, no need for SB.