| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Jul 2012 08:33:17 +0000 From: James Bottomley <jbottomley@...allels.com> To: "Finnbarr P. Murphy" <fpm@...urphy.com> CC: linux-kernel <linux-kernel@...r.kernel.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org> Subject: Re: UEFI Secure Boot [added mailing list cc's since this is probably going to be a common question] On Wed, 2012-07-04 at 12:52 -0400, Finnbarr P. Murphy wrote: > Hi James, > > Nice work on your UEFI Secure Boot demo code! > > Have you experimented with either of the following scenarios? > > - Removing current PK via a utility > - Replacing current PK with a new PK via a utility > > assuming you know existing PK keys. Not yet ... I'm still working on writing the code that constructs the time based authentication bundle for the variables. When I have it, it will appear in my git repository (and I'll probably send a note to the linux-efi list): http://git.kernel.org/?p=linux/kernel/git/jejb/efitools.git;a=summary > From Chapter 27 of the UEFI Specification, this should be possible but > I cannot get either scenarios to work (due to error 26 - Security > Violation) Perhaps it is the OVMF implementation (latest from trunk) > but I suspect it is just my old age! Constructing time based authentication bundles is complex ... are you sure you have the code right? error 26 means the platform doesn't think the authentication is correct. James
Powered by blists - more mailing lists