[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security
jkosina at suse.cz
Wed Jun 27 19:51:35 UTC 2012
On Wed, 27 Jun 2012, Matthew Garrett wrote:
> > It's not an exception when kernel security vulnerability gives the
> > attacker the possibility to overwrite arbitrary memory locations. As UEFI
> > secure boot is apparently not able to provide any
> > protection/countermeasure against this, I am really wondering what it is
> > good for in reality.
> If our assumption is that the kernel is insecure, what's the point of
> any level of local security?
My questions and doubts probably stem from the fact that I really never
understood what the whole UEFI secure boot thing is intended to protect
I understand the "you can't create an evil hypervisor that will try to
hide its existence and do bad things to the guest OS", but it seems to me
that this can't be the only scenario the secure boot architects had on
their minds, as I'd really classify that "much ado for nothing".