Re: [GIT PULL] Load keys from signed PE binaries
From: Dave Airlie
Date: Wed Feb 27 2013 - 16:32:04 EST
On Thu, Feb 28, 2013 at 1:24 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> On Tue, Feb 26, 2013 at 11:54:51AM -0500, Peter Jones wrote:
>> No, no, no. Quit saying nobody knows. We've got a pretty good idea -
>> we've got a contract with them, and it says they provide the signing
>> service, and under circumstances where the thing being signed is found
>> to enable malware that circumvents Secure Boot
>
> The question is what does "malware that circuments Secure Boot" mean?
> Does starting up a hacked KVM and running Windows 8 under KVM so that
> malare can be injected count as circumenting Secure Boot? If so, will
> you have to disable KVM, too?
>
> What if someone implements a virtualization bootkit for Windows 8.
> Will they revoke their own key? Somehow, I doubt that....
Have you noticed that laptops rarely come with virtualisation enabled
in the BIOS?
Now you know why.
Dave.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/