Re: [RFC] Second attempt at kernel secure boot support

From: Matthew Garrett
Date: Fri Nov 02 2012 - 12:55:08 EST

Next message: Chris Friesen: "Re: [RFC] Second attempt at kernel secure boot support"
Previous message: Bjorn Helgaas: "Re: [BUGFIX 2/2] PCI/PM: Resume device before shutdown"
In reply to: James Bottomley: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: James Bottomley: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 02, 2012 at 04:52:44PM +0000, James Bottomley wrote:

> The first question is how many compromises do you need. Without
> co-operation from windows, you don't get to install something in the
> boot system, so if you're looking for a single compromise vector, the
> only realistic attack is to trick the user into booting a hacked linux
> system from USB or DVD.

You run a binary. It pops up a box saying "Windows needs your permission
to continue", just like almost every other Windows binary that's any
use. Done.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Friesen: "Re: [RFC] Second attempt at kernel secure boot support"
Previous message: Bjorn Helgaas: "Re: [BUGFIX 2/2] PCI/PM: Resume device before shutdown"
In reply to: James Bottomley: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: James Bottomley: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]