
Re: Plan of action for Secure Boot support



On Tue, 2013-08-13 at 22:54 +0200, Ben Hutchings wrote:
[...]
> Apparently, the Secure Boot spec requires each stage of the boot code to
> validate signatures only until ExitBootServices() is called.  (At this
> point the firmware makes some parts of its non-volatile configuration
> inaccessible.)
[...]

However, there is now a blog post from Microsoft that supports what
Matthew Garrett has been saying for a while - they may revoke the
signature on a boot loader if signature verification is not extended to
the kernel, including any mechanism to chain-load another kernel:

http://blogs.msdn.com/b/windows_hardware_certification/archive/2013/12/03/microsoft-uefi-ca-signing-policy-updates.aspx
(specifically point 5(b))

This implies that when Secure Boot is enabled, only signed kernels and
modules can be loaded and other features that allow code injection such
as kexec, hibernation and /dev/mem must be disabled.

Or we cross our fingers and hope no-one uses Debian's shim in a Windows
boot kit.

(There is work on a new kexec interface which could include signature
verification.  I think there is a theoretical solution for hibernation
but I don't think it has been implemented.)

Ben.

-- 
Ben Hutchings
One of the nice things about standards is that there are so many of them.
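An added example (not from this thread or from Debian) that audits a Linux system against the controls the message lists: when Secure Boot is on, kexec, hibernation and raw memory or unsigned-module access must be off. It reads the standard efivarfs, procfs and sysfs paths and relies on the kernel lockdown interface (which postdates this 2013 message) as the thing that refuses unsigned modules and /dev/mem writes; make_sample_root builds a constructed snapshot so it can run offline.

```python
import os
import tempfile

# efivarfs exposes each variable as <Name>-<VendorGUID>; this is the EFI global variable GUID.
SECUREBOOT_VAR = "sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

def read_file(root, rel):
    """Raw bytes of root/rel, or None if the file is absent or unreadable."""
    try:
        with open(os.path.join(root, rel), "rb") as f:
            return f.read()
    except OSError:
        return None
def lockdown_mode(root):
    """Active mode is the bracketed word in e.g. 'none [integrity] confidentiality'."""
    raw = read_file(root, "sys/kernel/security/lockdown") or b""
    words = [w for w in raw.decode().split() if w[:1] == "[" and w[-1:] == "]"]
    return words[0][1:-1] if words else None
def audit(root="/"):
    """True per control; efivarfs data is 4 attribute bytes then the value; lockdown >= integrity refuses unsigned modules, unsigned kexec images and /dev/mem writes."""
    sb = read_file(root, SECUREBOOT_VAR)
    kexec = read_file(root, "proc/sys/kernel/kexec_load_disabled")
    disk = read_file(root, "sys/power/disk")
    return {
        "secure_boot": sb is not None and len(sb) >= 5 and sb[4] == 1,
        "kexec_load_disabled": kexec is not None and kexec.strip() == b"1",
        "hibernation_disabled": disk is not None and b"[disabled]" in disk,
        "lockdown": lockdown_mode(root) in ("integrity", "confidentiality"),
    }
def gaps(root="/"):
    """Controls missing on a Secure Boot system; empty when Secure Boot is off (nothing required)."""
    findings = audit(root)
    if not findings["secure_boot"]:
        return []
    return sorted(k for k, ok in findings.items() if not ok)
def make_sample_root(secure_boot=True, kexec_disabled=False):
    """Constructed sysfs/procfs snapshot in a temp dir (not a real system), for offline testing."""
    root = tempfile.mkdtemp()
    files = {
        SECUREBOOT_VAR: b"\x06\x00\x00\x00" + bytes([int(secure_boot)]),  # attrs BS|RT, then value
        "proc/sys/kernel/kexec_load_disabled": b"1\n" if kexec_disabled else b"0\n",
        "sys/power/disk": b"[disabled]\n",
        "sys/kernel/security/lockdown": b"none [integrity] confidentiality\n",
    }
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    return root
```

Run `gaps()` with no argument on a live machine to list what is still missing; the snapshot below reports only kexec.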
