Re: [GIT PULL] Load keys from signed PE binaries

From: Geert Uytterhoeven
Date: Wed Feb 27 2013 - 07:32:37 EST

Next message: Bar. Linda Hitti: "Dear Friend"
Previous message: Ingo Molnar: "Re: [PATCH] perf: add callgrind conversion tool"
In reply to: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Matthew Garrett: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 26, 2013 at 11:06 PM, Peter Jones <pjones@xxxxxxxxxx> wrote:
> On Tue, Feb 26, 2013 at 10:57:38PM +0100, Geert Uytterhoeven wrote:
>
>> BTW, I assume UEFI checks itself if enrolled hashes have been revoked,
>> so it must phone home to some server? That must be disabled as well.
>
> No. Quit fearmongering.

Good to know, thanks!

So revocation will only be done by the guest OS?
I.e. if I only boot my own trusted Linux, even if it's signed with the MS key,
the MS key _on my system_ will never be revoked?

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bar. Linda Hitti: "Dear Friend"
Previous message: Ingo Molnar: "Re: [PATCH] perf: add callgrind conversion tool"
In reply to: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Matthew Garrett: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]