Re: [GIT PULL] Load keys from signed PE binaries

[Theodore Ts'o]

On Wed, Feb 27, 2013 at 01:21:03PM -0600, Chris Friesen wrote:
> 
> I think it'd need to be "doesn't notice operationally when running
> the virtualized Windows install".
> 
> Anyone going through all the trouble to virtualize an existing
> install could probably arrange to have the target computer do the
> conversion at a time when nobody is likely to be around.

It shouldn't be all that hard to avoid doing a full-fledged
conversion.  I've in the pat managed to configure KVM so that a
particular installation of Windows could be run either natively or
under KVM.  The hard part would be to make Windows not notice the
change in device drivers necessary, so trying to make this work with
paravirtualization would be tricky.  But if you aren't shooting for a
full performance, it shouldn't be that hard.

That being said, if someone were being employed by the NSA to attack
Iran, or by the MSS to attack the US Federal Government, or simply by
a russian firm wanting to make $$$ selling Viagra, they'd probably try
to shoot for figuring out some way to surrepticiously install the
paravirtualization drivers into an existing Windows install.  But this
is not a fundamental theoretical difficulty; just a practical one.)

       	 	     		 	     	    - Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/