[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Jiri Kosina jkosina at suse.cz
Wed Jun 27 19:51:35 UTC 2012


On Wed, 27 Jun 2012, Matthew Garrett wrote:

> > It's not an exception when kernel security vulnerability gives the 
> > attacker the possibility to overwrite arbitrary memory locations. As UEFI 
> > secure boot is apparently not able to provide any 
> > protection/countermeasure against this, I am really wondering what it is 
> > good for in reality.
> 
> If our assumption is that the kernel is insecure, what's the point of 
> any level of local security?

My questions and doubts probably stem from the fact that I really never 
understood what the whole UEFI secure boot thing is intended to protect 
against.

I understand the "you can't create an evil hypervisor that will try to 
hide its existence and do bad things to the guest OS", but it seems to me 
that this can't be the only scenario the secure boot architects had on 
their minds, as I'd really clasify that "much ado for nothing".

-- 
Jiri Kosina
SUSE Labs


More information about the Ksummit-2012-discuss mailing list