[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Jiri Kosina jkosina at suse.cz
Wed Jun 27 17:28:40 UTC 2012

On Wed, 27 Jun 2012, Matthew Garrett wrote:

> If anything's able to write into kernel memory then I think we've 
> already got fairly significant problems. The model I was envisaging 
> would involve the kernel verifying the kdump kernel when userspace loads 
> it.

It's not an exception when kernel security vulnerability gives the 
attacker the possibility to overwrite arbitrary memory locations. As UEFI 
secure boot is apparently not able to provide any 
protection/countermeasure against this, I am really wondering what it is 
good for in reality.

Jiri Kosina

More information about the Ksummit-2012-discuss mailing list