[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Steven Rostedt rostedt at goodmis.org
Wed Jun 27 20:05:33 UTC 2012


On Wed, 2012-06-27 at 20:03 +0100, Matthew Garrett wrote:
> On Wed, Jun 27, 2012 at 07:59:17PM +0100, James Bottomley wrote:
> 
> > Or did you mean citation of "Microsoft seems happy with it"?  I was just
> > taking that from the fact that there's been no negative Redmond reaction
> > to the publicly posted plans.
> 
> I don't think Microsoft have any reason to care about Linux distribution 
> implementation details if they're not used to exploit other 
> distributions or operating systems. However, the expectation is pretty 
> clearly that kernels and drivers be signed. Failing to do that makes it 
> trivial for someone to bypass any security built on top of secure boot.
> 

Let me get this straight though. The worry is that an attacker can take
the Ubuntu signed boot loader, place a infected payload on it, and then
inject this boot loader and malware to boot an infected Windows, right?

Then ship this via some web exploit, that sticks this into the bootup
process. Now the next time the user reboots their Windows box, they have
an infected machine.

Is this what the fear is?

Now, if the only boot loader that Ubuntu gets signed, has a splash
screen that shows a big screen Ubuntu logo for a few seconds before
booting, I think the user would know something is funny the next time
they reboot their box. That is, this malware won't get there totally
silently.

-- Steve




More information about the Ksummit-2012-discuss mailing list