[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security
mjg59 at srcf.ucam.org
Wed Jun 27 17:39:28 UTC 2012
On Wed, Jun 27, 2012 at 01:35:42PM -0400, Steven Rostedt wrote:
> On Wed, 2012-06-27 at 18:24 +0100, Matthew Garrett wrote:
> > If anything's able to write into kernel memory then I think we've
> > already got fairly significant problems.
> Which brings up an interesting point. IIRC, if a root hole is found in
> one of the signed kernels, that signature will get blacklisted, such
> that, that kernel will not boot anymore.
Well, it's more if an exploitable vulnerability is found in a kernel
*and* that vulnerability is then used to attack other operating systems.
> (side note) How is the firmware updated to handle changes in what's
> accepted or not?
The EFI nvvars interface supports authenticated updates at runtime.
There's a special variable called dbx that contains signatures and keys
for blacklisted images.
> Is root holes found in Windows products going to have the same scrutiny?
We've been told that they'll have the same level of scrutiny.
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the Ksummit-2012-discuss