[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

James Bottomley James.Bottomley at HansenPartnership.com
Wed Jun 27 18:39:26 UTC 2012


On Wed, 2012-06-27 at 18:58 +0100, Matthew Garrett wrote:
> On Wed, Jun 27, 2012 at 01:55:31PM -0400, Steven Rostedt wrote:
> > On Wed, 2012-06-27 at 18:39 +0100, Matthew Garrett wrote:
> > > Well, it's more if an exploitable vulnerability is found in a kernel 
> > > *and* that vulnerability is then used to attack other operating systems.
> > 
> > What level of exploit is this? As userspace is not to be trusted, any
> > way root has the ability to change kernel memory (like the loaded kexec
> > image), then this would be classified as an exploit that can attack
> > another operating system. No?
> 
> If I can boot a signed Linux kernel and then use that to launch a 
> trojaned Linux or Windows kernel then that signed kernel is likely to be 
> blacklisted.

That's an extreme interpretation.  We can debate this at the kernel
summit, but it's my belief that no-one, least of all Microsoft, the only
possible CA for UEFI keys, is going to blacklist a Linux Key on the
grounds that there's a possible trojan vector.

Just look at Ubuntu's current secure boot plans: They're going to do a
winqual signed elilo that will initially boot unsigned kernels.
Microsoft seems to be happy with that, so I don't think we have to lock
our kernels down in the name of fearing Microsoft ... now preparing the
kernel for a secure environment the user wants to set up on the other
hand is a worthy goal, but it's one we can approach gradually.

James



