| 1 |
On Fri, Jun 15, 2012 at 3:01 PM, Rich Freeman <rich0@g.o> wrote: |
| 2 |
> I think that anybody that really cares about security should be |
| 3 |
> running in custom mode anyway, and should just re-sign anything they |
| 4 |
> want to run. Custom mode lets you clear every single key in the |
| 5 |
> system from the vendor on down, and gives you the ability to ensure |
| 6 |
> the system only boots stuff you want it to. |
| 7 |
|
| 8 |
I have several questions, that hopefully someone familiar with UEFI |
| 9 |
Secure Boot is able to answer. If I understand UEFI correctly, the |
| 10 |
user will need to not just re-sign bootloaders, but also the |
| 11 |
OS-neutral drivers (e.g., UEFI GOP), which are hardware-specific, and |
| 12 |
will be probably signed with Microsoft keys, since the hardware vendor |
| 13 |
would otherwise need to implement expensive key security measures — is |
| 14 |
that correct? If the user does not perform this procedure (due to its |
| 15 |
complexity and/or lack of tools automating the process), is it |
| 16 |
possible for an externally connected device to compromise the system |
| 17 |
by supplying a Microsoft-signed blob directly to the UEFI firmware, |
| 18 |
circumventing the (Linux) OS? Is it possible to develop an automatic |
| 19 |
re-signing tool — i.e., does the API support all needed features |
| 20 |
(listing / extracting drivers, revoking keys, adding keys, etc.)? |
| 21 |
|
| 22 |
-- |
| 23 |
Maxim Kammerer |
| 24 |
Liberté Linux: http://dee.su/liberte |
Archives