Message-ID: <20121001210734.GB21712@elf.ucw.cz>
Date: Mon, 1 Oct 2012 23:07:34 +0200
From: Pavel Machek <pavel@....cz>
To: Matthew Garrett <mjg59@...f.ucam.org>
Cc: Alan Cox <alan@...rguk.ukuu.org.uk>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org
Subject: Re: [RFC] First attempt at kernel secure boot support

On Tue 2012-09-04 17:12:56, Matthew Garrett wrote:
> On Tue, Sep 04, 2012 at 05:08:53PM +0100, Alan Cox wrote:
> > On Tue, 4 Sep 2012 11:55:06 -0400
> > Matthew Garrett <mjg@...hat.com> wrote:
> >
> > > The UEFI Secure Boot trust model is based on it not being possible for a
> > > user to cause a signed OS to boot an unsigned OS
> >
> > Unfortunately you can't fix this at kernel level because an untrusted
> > application can at GUI level fake a system crash, reboot cycle and phish
> > any basic credentials such as passwords for the windows partition.
>
> Any well-designed software asking for credentials should already be
> requiring a SAK, so in that case we just need to implement sensible SAK
> support in Linux.

So... the "secure" boot specification also describes what the SAK is?
It has to be the same on all the operating systems to be effective.

And... you'd need to put SAK functionality into the kernel. (Currently
SAK only notifies the _root_ user. You'd need to implement SAK
functionality displaying a penguin with a "This is not Windows"
message... in kernel).

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html