[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security
James.Bottomley at HansenPartnership.com
Wed Jun 27 18:39:26 UTC 2012
On Wed, 2012-06-27 at 18:58 +0100, Matthew Garrett wrote:
> On Wed, Jun 27, 2012 at 01:55:31PM -0400, Steven Rostedt wrote:
> > On Wed, 2012-06-27 at 18:39 +0100, Matthew Garrett wrote:
> > > Well, it's more if an exploitable vulnerability is found in a kernel
> > > *and* that vulnerability is then used to attack other operating systems.
> > What level of exploit is this? As userspace is not to be trusted, any
> > way root has the ability to change kernel memory (like the loaded kexec
> > image), then this would be classified as an exploit that can attack
> > another operating system. No?
> If I can boot a signed Linux kernel and then use that to launch a
> trojaned Linux or Windows kernel then that signed kernel is likely to be

That's an extreme interpretation. We can debate this at the kernel
summit, but it's my belief that no-one, least of all Microsoft, the only
possible CA for UEFI keys, is going to blacklist a Linux Key on the
grounds that there's a possible trojan vector.

Just look at Ubuntu's current secure boot plans: They're going to do a
winqual signed elilo that will initially boot unsigned kernels.
Microsoft seems to be happy with that, so I don't think we have to lock
our kernels down in the name of fearing Microsoft ... now preparing the
kernel for a secure environment the user wants to set up on the other
hand is a worthy goal, but it's one we can approach gradually.