Re: [GIT PULL] Load keys from signed PE binaries

From: Dave Airlie
Date: Wed Feb 27 2013 - 16:32:04 EST

Next message: Arnd Bergmann: "Re: [PATCH] Consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECK"
Previous message: Jiri Slaby: "[PATCH] TTY: disable debugging warning"
In reply to: Paolo Bonzini: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Geert Uytterhoeven: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 28, 2013 at 1:24 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> On Tue, Feb 26, 2013 at 11:54:51AM -0500, Peter Jones wrote:
>> No, no, no. Quit saying nobody knows. We've got a pretty good idea -
>> we've got a contract with them, and it says they provide the signing
>> service, and under circumstances where the thing being signed is found
>> to enable malware that circumvents Secure Boot
>
> The question is what does "malware that circuments Secure Boot" mean?
> Does starting up a hacked KVM and running Windows 8 under KVM so that
> malare can be injected count as circumenting Secure Boot? If so, will
> you have to disable KVM, too?
>
> What if someone implements a virtualization bootkit for Windows 8.
> Will they revoke their own key? Somehow, I doubt that....

Have you noticed that laptops rarely come with virtualisation enabled
in the BIOS?

Now you know why.

Dave.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnd Bergmann: "Re: [PATCH] Consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECK"
Previous message: Jiri Slaby: "[PATCH] TTY: disable debugging warning"
In reply to: Paolo Bonzini: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Geert Uytterhoeven: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]