[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Steven Rostedt rostedt at goodmis.org
Wed Jun 27 17:37:50 UTC 2012


On Wed, 2012-06-27 at 19:28 +0200, Jiri Kosina wrote:
> On Wed, 27 Jun 2012, Matthew Garrett wrote:
> 
> > If anything's able to write into kernel memory then I think we've 
> > already got fairly significant problems. The model I was envisaging 
> > would involve the kernel verifying the kdump kernel when userspace loads 
> > it.
> 
> It's not an exception when kernel security vulnerability gives the 
> attacker the possibility to overwrite arbitrary memory locations. As UEFI 
> secure boot is apparently not able to provide any 
> protection/countermeasure against this, I am really wondering what it is 
> good for in reality.
> 

Exactly. As soon as any signed kernel (Windows, Linux or other) has a
root hole that can modify kernel memory, the entire system has been
compromised.

Thus, what is this protecting? Just a bigger wall for crackers to leap
over?

-- Steve




More information about the Ksummit-2012-discuss mailing list