Re: [GIT PULL] Load keys from signed PE binaries
From: Theodore Ts'o
Date: Wed Feb 27 2013 - 10:24:50 EST
On Tue, Feb 26, 2013 at 11:54:51AM -0500, Peter Jones wrote:
> No, no, no. Quit saying nobody knows. We've got a pretty good idea -
> we've got a contract with them, and it says they provide the signing
> service, and under circumstances where the thing being signed is found
> to enable malware that circumvents Secure Boot
The question is what does "malware that circuments Secure Boot" mean?
Does starting up a hacked KVM and running Windows 8 under KVM so that
malare can be injected count as circumenting Secure Boot? If so, will
you have to disable KVM, too?
What if someone implements a virtualization bootkit for Windows 8.
Will they revoke their own key? Somehow, I doubt that....
- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/