[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Rafael J. Wysocki rjw at sisk.pl
Wed Jun 27 19:03:33 UTC 2012


On Wednesday, June 27, 2012, Steven Rostedt wrote:
> On Wed, 2012-06-27 at 19:28 +0200, Jiri Kosina wrote:
> > On Wed, 27 Jun 2012, Matthew Garrett wrote:
> > 
> > > If anything's able to write into kernel memory then I think we've 
> > > already got fairly significant problems. The model I was envisaging 
> > > would involve the kernel verifying the kdump kernel when userspace loads 
> > > it.
> > 
> > It's not an exception when kernel security vulnerability gives the 
> > attacker the possibility to overwrite arbitrary memory locations. As UEFI 
> > secure boot is apparently not able to provide any 
> > protection/countermeasure against this, I am really wondering what it is 
> > good for in reality.
> > 
> 
> Exactly. As soon as any signed kernel (Windows, Linux or other) has a
> root hole that can modify kernel memory, the entire system has been
> compromised.
> 
> Thus, what is this protecting? Just a bigger wall for crackers to leap
> over?

Pretty much.

But for Microsofr it's kind of easier to pretend that their kernel doesn't
contain any root holes (or equivalent).

Thanks,
Rafael


More information about the Ksummit-2012-discuss mailing list