Re: [GIT PULL] Load keys from signed PE binaries

From: Matthew Garrett
Date: Mon Feb 25 2013 - 22:45:40 EST


On Mon, Feb 25, 2013 at 07:40:31PM -0800, Greg KH wrote:

> What "vendor" is there in this case? You released a signed shim, as did
> the Linux Foundation, and lots of distros are now using it, and there
> are absolutly no "orginization" behind a bunch of them. Will your
> signed shim be revoked because a random PoC was posted somewhere that
> could be used with any kernel booted using it?

No, because the version I released doesn't allow you to boot stuff
without there having been explicit end-user authorisation in advance.
The LF loader is in the same situation. But no user-focused distribution
is going to do that.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/