[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Dave Airlie airlied at gmail.com
Thu Jun 28 14:10:33 UTC 2012


On Wed, Jun 27, 2012 at 9:05 PM, Steven Rostedt <rostedt at goodmis.org> wrote:
> On Wed, 2012-06-27 at 20:03 +0100, Matthew Garrett wrote:
>> On Wed, Jun 27, 2012 at 07:59:17PM +0100, James Bottomley wrote:
>>
>> > Or did you mean citation of "Microsoft seems happy with it"?  I was just
>> > taking that from the fact that there's been no negative Redmond reaction
>> > to the publicly posted plans.
>>
>> I don't think Microsoft have any reason to care about Linux distribution
>> implementation details if they're not used to exploit other
>> distributions or operating systems. However, the expectation is pretty
>> clearly that kernels and drivers be signed. Failing to do that makes it
>> trivial for someone to bypass any security built on top of secure boot.
>>
>
> Let me get this straight though. The worry is that an attacker can take
> the Ubuntu signed boot loader, place an infected payload on it, and then
> inject this boot loader and malware to boot an infected Windows, right?
>
> Then ship this via some web exploit, that sticks this into the bootup
> process. Now the next time the user reboots their Windows box, they have
> an infected machine.
>
> Is this what the fear is?
>
> Now, if the only boot loader that Ubuntu gets signed, has a splash
> screen that shows a big screen Ubuntu logo for a few seconds before
> booting, I think the user would know something is funny the next time
> they reboot their box. That is, this malware won't get there totally
> silently.

Steve,

I don't think imposing a UI constraint like that is in any way
practical for a bootloader, we want less things shitting
on the screen at bootup not more :-)

Dave.

