Re: [GIT PULL] Load keys from signed PE binaries

[Gene Heskett]

On Friday 01 March 2013, Matthew Garrett wrote:
>On Wed, Feb 27, 2013 at 08:35:45PM +0000, ownssh wrote:
>> Matthew Garrett <mjg59 <at> srcf.ucam.org> writes:
>> > There's no way to update the UEFI key database without the update
>> > being signed by an already trusted key, so what you're proposing
>> > isn't possible.
>> 
>> I confused.
>> Isn't custom mode can add user's own key?
>
>Yes, but that involves physically-present end-user interaction. A
>bootloader can't do it even if it's signed by Microsoft.

Thats a false flag Matthew.  We have been 'touch'ing a file to trigger an 
action on reboot, then typing "reboot" from 2000 miles away for at least a 
decade.  I fail to see why that idea couldn't be expanded to do this too.

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
My views 
<http://www.armchairpatriot.com/What%20Has%20America%20Become.shtml>
Friends may come and go, but enemies accumulate.
		-- Thomas Jones
I was taught to respect my elders, but its getting 
harder and harder to find any...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/