[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87ppzo79in.fsf@mid.deneb.enyo.de>
Date: Mon, 25 Feb 2013 15:28:32 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: Matthew Garrett <mjg59@...f.ucam.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
David Howells <dhowells@...hat.com>,
Josh Boyer <jwboyer@...hat.com>,
Peter Jones <pjones@...hat.com>,
Vivek Goyal <vgoyal@...hat.com>,
Kees Cook <keescook@...omium.org>, keyrings@...ux-nfs.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] Load keys from signed PE binaries
* Matthew Garrett:
> There's only one signing authority, and they only sign PE binaries.
There are at least two, with different policies, albeit run by the
same organization. Actually, we don't know how many authorities are
out there which have non-localized reach, so it's ... interesting to
attempt to construct any form of security based on that.
But what puzzles me most is why anyone would assume that the UEFI
application signing process somehow ensures that the embedded
certificate is non-malicious. We cannot even track it back to the
submitter because the third-pary market place UEFI authority only
issues pseudonymous proxy certificates. This utterly useless for any
purpose whatsoever, with the notable exception of avoding one
additional step when setting up a dual-boot machine (which will not
even work reliably until we switch to overwriting the Windows boot
loader, like in the pre-UEFI days).
Seriously, folks, can we go back one step and discuss what problem you
are trying to solve? Is it about allowing third-party kernel modules
in an environment which does not allow unsigned ring 0 code execution?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists