Robert Pogson

One man, closing all the windows.

Greg Kroah-Hartman Shows UEFI Booting Unsigned Kernel

technology

Greg Kroah-Hartman Shows UEFI Booting Unsigned Kernel

The UEFI interface can enroll the hash of the Linux kernel to be booted securely and he has no need to sign anything…

see Discussion on Google Plus

Let’s hope that behaviour is widespread. One still has to find a way to get the kernel onto the hard drive. Perhaps one can install on one machine and copy/move to another or turn off “secure boot” temporarily. This is good news, at least for x86/amd64 systems. On a similar note, Intel now claims it is not abandoning socketed CPUs

26 Comments

  1. Der Balrog

    Very good, eug. Your link finding skills are unprecedented. You’re almost like a dog.

  2. Robert Pogson

    oiaohm wrote, “So UEFI really is limited on how much help it is unless you lock users out from altering the system completely.”

    True.

    Incidentally, I had a problem with the old BIOS recently. On one of our PCs, the BIOS was changed to “wait for F1 on error” (no idea how that happened). Of course it would not boot with our wireless keyboard. I had to bring Beast’s Fujitsu “aircraft carrier” keyboard to the machine to get in and root around. After looking and failing to find “halt on all errors” or something similar, I reasoned that F1 must be on the keyboard… It worked. I will bet UEFI and “secure boot” will launch no end of similar problems over the years as M$ struggles to survive. I can see M$ using “secure boot” to prevent old versions of that other OS running on new hardware. Nothing prevents M$ from “updating” “secure boot” or its “keys” to jerk around the markets indefinitely. I think all these work-arounds are just a stop-gap. What the world needs is a good lawsuit to put M$ in its place once and for all time. The world missed that chance in DOJ v M$.

  3. oiaohm

    eug problem here is items like Windows Loader will be able to alter to chain load instead of a Linux kernel or even possible chain load from MS own loader.

    http://neosmart.net/blog/2012/announcing-easybcd-2-2-windows-8-dual-booting-and-more/

    So UEFI really is limited on how much help it is unless you lock users out from altering the system completely.

    If Ms goal is to prevent windows loader and paradox on x86 they have been wasting there.

    Now the Windows Arm RT device that is a different matter. Only way to prevent windows loader and paradox is prevent other OS’s from running end of story.

    Greg Kroah-Hartman focus is direct booting not chain loading from the MS boot loader.

  4. eug

    Yes, it is!
    With or withou (U2!) UEFI windows malware will continue to have a happy life!

  5. eug

    “UEFI secure boot” is nothing about malware afflicting users. It is ALL about preventing things like paradox and windows loader.

  6. Robert Pogson

    lpbear wrote, “Since that half is trashed the UEFI boot process has no paired key…..no more boot at all. End of game for Windows user.”

    Ahhh, yet another route to unbootability. M$ relies on that to have suckersconsumers buy new machines because it’s cheaper than fixing them sometimes and with malware there’s no guarantee of putting everything right.

  7. lpbbear

    I would imagine the exploit for the so called secure boot is going to be pretty simple. Since as I understand it the method to make the boot secure involves a set of signing keys, one in the UEFI “Bios” and another in the actual Windows operating system, I would guess all it might take to make one of these supposedly secure Windows systems to crap out is infect the OS with something that trashes the half of the process, or key, that exists in Windows. Since that half is trashed the UEFI boot process has no paired key…..no more boot at all. End of game for Windows user.

    My guess is the whole scheme will fall a part in the near future and it will be because of some simple exploit or flaw in the idea.

Leave a comment