Defeating Secure Boot With Linux Kexec
-
Originally posted by Pajn:
No, that is totally against the GPL license.
You can't mix GPL and proprietary code.
-
Originally posted by movieman:
Which I couldn't care about in the slightest, compared to the risk of hardware manufacturers locking me out of running the software I want to run on the hardware I've paid for.
-
Originally posted by Kano:
I do not fully understand what he means that the Windows kernel can be started with kexec. Usually EFI/Microsoft/Boot/bootmgfw.efi is started, that's nothing special but a standard EFI binary. I want a sample implementation to see how it should work.
I don't consider the ReactOS loader as valid Windows loader example.
-
Originally posted by erendorn:
Protection from rootkits and malware control at the hardware interface layer?
-
I do not fully understand what he means that the Windows kernel can be started with kexec. Usually EFI/Microsoft/Boot/bootmgfw.efi is started, that's nothing special but a standard EFI binary. I want a sample implementation to see how it should work. I don't consider the ReactOS loader as valid Windows loader example.
-
Originally posted by MWisBest:
Can you by chance provide some references for this? I'd be very interested in it!
If this sounds like sarcasm or trolling, it isn't, I'm genuinely interested in reading about this... I just know it can be hard to tell on the internet about things like this sometimes, especially in places where trolling can be common like here.
-
Originally posted by mrugiero:
Well, AFAIK, kernel modules are equally "dangerous", to put it in some way. Anyway, it is probably fixable. If you can make a software that only loads signed kernels, you probably can modify kexec and the module loading functions to work the same way.
Also, I have news for the ones celebrating this: if you get to run a Linux kernel, either you are running Android (AFAIK, they don't use UEFI, so SecureBoot is already out of the picture and the vendor lock-in has been achieved in some other way), or you already bypassed SecureBoot if that's what you wanted. So, this news is at best "meh" if you dislike SecureBoot, and it is bad (but fixable) if you consider it a feature. So there is no reason to party here.
With ARM platforms, it uses the ARM TrustZone, which can basically serve the same purpose and more that SecureBoot does.
-
Well, AFAIK, kernel modules are equally "dangerous", to put it in some way. Anyway, it is probably fixable. If you can make a software that only loads signed kernels, you probably can modify kexec and the module loading functions to work the same way.
Also, I have news for the ones celebrating this: if you get to run a Linux kernel, either you are running Android (AFAIK, they don't use UEFI, so SecureBoot is already out of the picture and the vendor lock-in has been achieved in some other way), or you already bypassed SecureBoot if that's what you wanted. So, this news is at best "meh" if you dislike SecureBoot, and it is bad (but fixable) if you consider it a feature. So there is no reason to party here.