[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security
Steven Rostedt
rostedt at goodmis.org
Wed Jun 27 17:37:50 UTC 2012
On Wed, 2012-06-27 at 19:28 +0200, Jiri Kosina wrote:
> On Wed, 27 Jun 2012, Matthew Garrett wrote:
>
> > If anything's able to write into kernel memory then I think we've
> > already got fairly significant problems. The model I was envisaging
> > would involve the kernel verifying the kdump kernel when userspace loads
> > it.
>
> It's not an exception when kernel security vulnerability gives the
> attacker the possibility to overwrite arbitrary memory locations. As UEFI
> secure boot is apparently not able to provide any
> protection/countermeasure against this, I am really wondering what it is
> good for in reality.
>
Exactly. As soon as any signed kernel (Windows, Linux or other) has a
root hole that can modify kernel memory, the entire system has been
compromised.
Thus, what is this protecting? Just a bigger wall for crackers to leap
over?
-- Steve
More information about the Ksummit-2012-discuss
mailing list