Re: [RFC] Second attempt at kernel secure boot support

From: James Bottomley
Date: Fri Nov 02 2012 - 13:48:27 EST

Next message: Christoph Lameter: "Re: [PATCH 0/9 v2] use efficient this_cpu_* helper"
Previous message: Christoph Lameter: "Re: [PATCH v2 9/9] net: batman-adv: use per_cpu_add helper"
In reply to: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2012-11-02 at 16:54 +0000, Matthew Garrett wrote:
> On Fri, Nov 02, 2012 at 04:52:44PM +0000, James Bottomley wrote:
>
> > The first question is how many compromises do you need. Without
> > co-operation from windows, you don't get to install something in the
> > boot system, so if you're looking for a single compromise vector, the
> > only realistic attack is to trick the user into booting a hacked linux
> > system from USB or DVD.
>
> You run a binary. It pops up a box saying "Windows needs your permission
> to continue", just like almost every other Windows binary that's any
> use. Done.

And if all the loaders do some type of present user test on a virgin
system, how do you propose to get that message up there?

James

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Lameter: "Re: [PATCH 0/9 v2] use efficient this_cpu_* helper"
Previous message: Christoph Lameter: "Re: [PATCH v2 9/9] net: batman-adv: use per_cpu_add helper"
In reply to: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Matthew Garrett: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]