Re: [RFC] Second attempt at kernel secure boot support

[Matthew Garrett]

On Fri, Nov 02, 2012 at 11:38:23PM +0000, James Bottomley wrote:
> On Fri, 2012-11-02 at 18:04 +0000, Matthew Garrett wrote:
> > A user runs a binary that elevates itself to admin. Absent any flaws in 
> > Windows (cough), that should be all it can do in a Secure Boot world. 
> > But if you can drop a small trusted Linux system in there and use that 
> > to boot a compromised Windows kernel, it can make itself persistent.
> 
> We seem to be talking past each other.  Assume you managed to install a
> Linux boot system on the windows machine.  If the linux boot requires
> present user on first boot (either because the key of the bootloader
> isn't in db or because the MOK database isn't initialised), you still
> don't have a compromise because the loader won't start automatically.

Why would an attacker use one of those Linux systems? There's going to 
be plenty available that don't have that restriction.

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/