Re: [GIT PULL] Load keys from signed PE binaries
From: Chris Friesen
Date: Wed Feb 27 2013 - 12:36:31 EST
On 02/27/2013 09:24 AM, Theodore Ts'o wrote:
On Tue, Feb 26, 2013 at 11:54:51AM -0500, Peter Jones wrote:
No, no, no. Quit saying nobody knows. We've got a pretty good idea -
we've got a contract with them, and it says they provide the signing
service, and under circumstances where the thing being signed is found
to enable malware that circumvents Secure Boot
The question is what does "malware that circuments Secure Boot" mean?
Does starting up a hacked KVM and running Windows 8 under KVM so that
malare can be injected count as circumenting Secure Boot? If so, will
you have to disable KVM, too?
I could see an argument for KVM to require either a signed binary or
else someone at the keyboard to explicitly okay loading the image.
Anything else breaks the chain of trust.
It may be somewhat far-fetched, but I think it would be possible to take
an existing secure-boot Win 8 install, turn it into a VM but with an
infected kernel. Then install a signed Linux distro that runs the Win8
VM as a guest.
At this point you've got a running infected Win8 install that is running
on Secure Boot hardware but is actually running malware.
Admittedly this would be tricky to do reliably in a way that the user
doesn't notice, so it may not actually be a real-world threat.
Chris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/