Re: [GIT PULL] Load keys from signed PE binaries

From: Florian Weimer
Date: Mon Feb 25 2013 - 09:28:47 EST


* Matthew Garrett:

> There's only one signing authority, and they only sign PE binaries.

There are at least two, with different policies, albeit run by the
same organization. Actually, we don't know how many authorities are
out there which have non-localized reach, so it's ... interesting to
attempt to construct any form of security based on that.

But what puzzles me most is why anyone would assume that the UEFI
application signing process somehow ensures that the embedded
certificate is non-malicious. We cannot even track it back to the
submitter because the third-pary market place UEFI authority only
issues pseudonymous proxy certificates. This utterly useless for any
purpose whatsoever, with the notable exception of avoding one
additional step when setting up a dual-boot machine (which will not
even work reliably until we switch to overwriting the Windows boot
loader, like in the pre-UEFI days).

Seriously, folks, can we go back one step and discuss what problem you
are trying to solve? Is it about allowing third-party kernel modules
in an environment which does not allow unsigned ring 0 code execution?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/