[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Matthew Garrett mjg59 at srcf.ucam.org
Wed Jun 27 17:39:28 UTC 2012


On Wed, Jun 27, 2012 at 01:35:42PM -0400, Steven Rostedt wrote:
> On Wed, 2012-06-27 at 18:24 +0100, Matthew Garrett wrote:
> 
> > If anything's able to write into kernel memory then I think we've 
> > already got fairly significant problems.
> 
> Which brings up an interesting point. IIRC, if a root hole is found in
> one of the signed kernels, that signature will get blacklisted, such
> that, that kernel will not boot anymore.

Well, it's more if an exploitable vulnerability is found in a kernel 
*and* that vulnerability is then used to attack other operating systems.

> (side note) How is the firmware updated to handle changes in what's
> accepted or not?

The EFI nvvars interface supports authenticated updates at runtime. 
There's a special variable called dbx that contains signatures and keys 
for blacklisted images.

> Is root holes found in Windows products going to have the same scrutiny?

We've been told that they'll have the same level of scrutiny.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org


More information about the Ksummit-2012-discuss mailing list