Message-ID: <1341477196.3121.11.camel@dabdike>
Date: Thu, 5 Jul 2012 08:33:17 +0000
From: James Bottomley <jbottomley@...allels.com>
To: "Finnbarr P. Murphy" <fpm@...urphy.com>
CC: linux-kernel <linux-kernel@...r.kernel.org>,
"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>
Subject: Re: UEFI Secure Boot
[added mailing list cc's since this is probably going to be a common question]
On Wed, 2012-07-04 at 12:52 -0400, Finnbarr P. Murphy wrote:
> Hi James,
>
> Nice work on your UEFI Secure Boot demo code!
>
> Have you experimented with either of the following scenarios?
>
> - Removing current PK via a utility
> - Replacing current PK with a new PK via a utility
>
> assuming you know existing PK keys.
Not yet ... I'm still working on writing the code that constructs the
time-based authentication bundle for the variables. When I have it, it
will appear in my git repository (and I'll probably send a note to the
linux-efi list):
http://git.kernel.org/?p=linux/kernel/git/jejb/efitools.git;a=summary
> From Chapter 27 of the UEFI Specification, this should be possible but
> I cannot get either scenario to work (due to error 26 - Security
> Violation). Perhaps it is the OVMF implementation (latest from trunk)
> but I suspect it is just my old age!
Constructing time-based authentication bundles is complex ... are you
sure you have the code right? Error 26 means the platform doesn't think
the authentication is correct.
James