[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security
Jiri Kosina
jkosina at suse.cz
Wed Jun 27 17:28:40 UTC 2012
On Wed, 27 Jun 2012, Matthew Garrett wrote:
> If anything's able to write into kernel memory then I think we've
> already got fairly significant problems. The model I was envisaging
> would involve the kernel verifying the kdump kernel when userspace loads
> it.
It's not an exception when kernel security vulnerability gives the
attacker the possibility to overwrite arbitrary memory locations. As UEFI
secure boot is apparently not able to provide any
protection/countermeasure against this, I am really wondering what it is
good for in reality.
--
Jiri Kosina
SUSE Labs
More information about the Ksummit-2012-discuss
mailing list