Re: [GIT PULL] Load keys from signed PE binaries
From: Gene Heskett
Date: Fri Mar 01 2013 - 13:39:37 EST
On Friday 01 March 2013, Matthew Garrett wrote:
>On Wed, Feb 27, 2013 at 08:35:45PM +0000, ownssh wrote:
>> Matthew Garrett <mjg59 <at> srcf.ucam.org> writes:
>> > There's no way to update the UEFI key database without the update
>> > being signed by an already trusted key, so what you're proposing
>> > isn't possible.
>>
>> I confused.
>> Isn't custom mode can add user's own key?
>
>Yes, but that involves physically-present end-user interaction. A
>bootloader can't do it even if it's signed by Microsoft.
Thats a false flag Matthew. We have been 'touch'ing a file to trigger an
action on reboot, then typing "reboot" from 2000 miles away for at least a
decade. I fail to see why that idea couldn't be expanded to do this too.
Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
My views
<http://www.armchairpatriot.com/What%20Has%20America%20Become.shtml>
Friends may come and go, but enemies accumulate.
-- Thomas Jones
I was taught to respect my elders, but its getting
harder and harder to find any...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/