Re: [RFC] Second attempt at kernel secure boot support

From: Matthew Garrett
Date: Thu Nov 01 2012 - 12:26:53 EST

Next message: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Previous message: Matthew Garrett: "Re: Kdump with signed images"
In reply to: Eric Paris: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Eric Paris: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Nov 01, 2012 at 03:06:30PM +0000, James Bottomley wrote:

> But surely that's fanciful ... you've already compromised windows to get
> access to the ESP. If you've done it once, you can do it again until
> the exploit is patched. There are likely many easier ways of ensuring
> persistence than trying to install a full linux kernel with a
> compromised resume system.

There's a pretty strong distinction between "Machine is exploited until
exploit is patched" and "Machine is exploited until drive is replaced".

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Previous message: Matthew Garrett: "Re: Kdump with signed images"
In reply to: Eric Paris: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Eric Paris: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]