Re: [GIT PULL] Load keys from signed PE binaries

From: Chris Friesen
Date: Thu Feb 28 2013 - 10:43:38 EST

Next message: Kumar Gala: "Re: [PATCH 2/6] powerpc/fsl_pci: Store the platform device information corresponding to the pci controller."
Previous message: Mandeep Singh Baines: "Re: [PATCH v2 2/3] freezer: do not send a fake signal to aPF_DUMPCORE thread"
In reply to: Florian Weimer: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Florian Weimer: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/28/2013 01:57 AM, Florian Weimer wrote:

In any case, there's another reading of the UEFI Secure Boot
requirements: you may run any code you wish after calling
ExitBootServices(). That could be an unsigned, traditional GRUB. But
this will not generally address the issue of dual-booting Windows 8 in
such a way that Windows sees that the device has enabled Microsoft
Secure Boot.

Would it be possible to have a signed bootloader that allows booting Win8 from within the secure environment, or it could exit the secure environment and run unsigned grub?

Chris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kumar Gala: "Re: [PATCH 2/6] powerpc/fsl_pci: Store the platform device information corresponding to the pci controller."
Previous message: Mandeep Singh Baines: "Re: [PATCH v2 2/3] freezer: do not send a fake signal to aPF_DUMPCORE thread"
In reply to: Florian Weimer: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Florian Weimer: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]