lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 3 Nov 2012 16:37:27 +0000 From: Matthew Garrett <mjg59@...f.ucam.org> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, James Bottomley <James.Bottomley@...senPartnership.com>, Eric Paris <eparis@...isplace.org>, Jiri Kosina <jkosina@...e.cz>, Oliver Neukum <oneukum@...e.de>, Chris Friesen <chris.friesen@...band.com>, Josh Boyer <jwboyer@...il.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org Subject: Re: [RFC] Second attempt at kernel secure boot support On Sat, Nov 03, 2012 at 04:31:52PM +0000, Alan Cox wrote: > > You're guaranteed to be able > > to do this on any Windows 8 certified hardware. > > Thats not my understanding of the situation. "17. Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following: a. It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode." -- Matthew Garrett | mjg59@...f.ucam.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists