Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo-dev@l.g.o
Cc: gregkh@g.o, lists@×××××××××××.net
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 17:18:39
Message-Id: CAGfcS_=q5n=DyiOvmn_xUcaMguPbeG7_sookP7gm8RkKxvROiA@mail.gmail.com
In Reply to: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo by "Michał Górny"
On Sun, Jun 17, 2012 at 1:06 PM, Michał Górny <mgorny@g.o> wrote:
> On Sun, 17 Jun 2012 09:55:35 -0700
> Greg KH <gregkh@g.o> wrote:
>
>> On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
>> > 2. What happens if, say, your bootloader is compromised?
>>
>> And how would this happen?  Your bootloader would not run.
>
> Yes. I'm asking what happens next. Is there an easy way to replace it?
> Or is your computer bricked until you run some other bootloader to
> replace the compromised one?

My understanding is that there are a few options here.

One is to simply re-image the system, either directly (as any vendor
does), or after booting off of removable media. I'd have to re-read
the spec but some of those might not require signatures, and in any
case ones with valid signatures should be available. You can of
course disable secure boot or go into custom mode as well which lets
you do whatever you want until you have the system back in a bootable
state.

If you're running Windows 8 I believe they plan to have a recovery
partition as well, which will be signed and bootable and which is
designed to recover the OS.

Rich