Re: [RFC] Second attempt at kernel secure boot support

From: Matthew Garrett
Date: Fri Nov 02 2012 - 14:05:08 EST


On Fri, Nov 02, 2012 at 05:57:38PM +0000, James Bottomley wrote:
> On Fri, 2012-11-02 at 17:54 +0000, Matthew Garrett wrote:
> > ? That's the message generated by the Windows access control mechanism
> > when you run a binary that requests elevated privileges.
>
> So that's a windows attack vector using a windows binary? I can't really
> see how it's relevant to the secure boot discussion then.

A user runs a binary that elevates itself to admin. Absent any flaws in
Windows (cough), that should be all it can do in a Secure Boot world.
But if you can drop a small trusted Linux system in there and use that
to boot a compromised Windows kernel, it can make itself persistent.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/