Re: [GIT PULL] Load keys from signed PE binaries

From: Theodore Ts'o
Date: Wed Feb 27 2013 - 10:24:50 EST

Next message: Philip J. Kelleher: "[PATCHv2 3/4] block: IBM RamSan 70/80 branding changes."
Previous message: Benjamin Tissoires: "[PATCH] HID: multitouch: remove useless last_field_index field"
In reply to: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Chris Friesen: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 26, 2013 at 11:54:51AM -0500, Peter Jones wrote:
> No, no, no. Quit saying nobody knows. We've got a pretty good idea -
> we've got a contract with them, and it says they provide the signing
> service, and under circumstances where the thing being signed is found
> to enable malware that circumvents Secure Boot

The question is what does "malware that circuments Secure Boot" mean?
Does starting up a hacked KVM and running Windows 8 under KVM so that
malare can be injected count as circumenting Secure Boot? If so, will
you have to disable KVM, too?

What if someone implements a virtualization bootkit for Windows 8.
Will they revoke their own key? Somehow, I doubt that....

- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Philip J. Kelleher: "[PATCHv2 3/4] block: IBM RamSan 70/80 branding changes."
Previous message: Benjamin Tissoires: "[PATCH] HID: multitouch: remove useless last_field_index field"
In reply to: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Chris Friesen: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]