oss-sec mailing list archives
Plug-and-wipe and Secure Boot semantics
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 18 Dec 2012 13:46:47 +0100
Some UEFI machines seem to boot from USB by default, without any prompting, probably assuming that a signed boot loader cannot cause any damage. Most signed Linux boot loaders only verify the kernel (and, indirectly, code that's loaded into the kernel), but not the initrd contents. (This isn't possible because initrds are system-specific and thus cannot be signed in general. Recovery images signed by system manufacturers likely have similar issues.) As a result, the signed loader might start something that wipes the hard disk or uploads its contents somewhere.
I'm wondering if this is a problem. I haven't investigated boot order defaults for legacy systems, so I don't know if this plug-and-wipe issue is a regression. In the end, this boils down to what Secure Boot means, semantically.
-- Florian Weimer / Red Hat Product Security Team
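An audit for the boot-order default described in the message, as an added example that is not part of the original post: it reads `efibootmgr -v` output and reports active USB entries that the firmware would try before the first internal-disk entry. Treating a `USB(` device-path node as removable and an `HD(` node without `USB(` as an internal disk is an assumption of this sketch, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: find active USB boot entries that precede the first
# internal-disk entry in the UEFI BootOrder.
# Input: `efibootmgr -v` output on stdin. Output: one Boot#### id per line.

usb_before_disk() {
    awk '
    /^BootOrder:/ { n = split($2, order, ",") }
    /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]/ {
        id = substr($1, 5, 4)
        active[id] = (substr($1, 9, 1) == "*")   # "*" marks an active entry
        entry[id] = $0
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]
            if (!active[id]) continue            # firmware skips inactive entries
            # Assumption: a USB( node means removable media. Check it first,
            # because a USB stick path can also contain an HD( partition node.
            if (entry[id] ~ /USB\(/) { print id; continue }
            # Assumption: HD( without USB( is the internal disk; stop there.
            if (entry[id] ~ /HD\(/) break
        }
    }'
}

# Constructed sample of `efibootmgr -v` output (not captured from a real machine).
sample_efibootmgr() {
    cat <<'EOF'
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0002,0003,0001,0000
Boot0000* Windows Boot Manager HD(1,GPT,aaaa,0x800,0x32000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)
Boot0001* Fedora HD(1,GPT,aaaa,0x800,0x32000)/File(\EFI\fedora\shimx64.efi)
Boot0002* UEFI: USB Stick PciRoot(0x0)/Pci(0x14,0x0)/USB(1,0)/HD(1,MBR,0x1234,0x800,0x1000)
Boot0003  UEFI: PXE PciRoot(0x0)/Pci(0x1c,0x0)/MAC(001122334455,0)
EOF
}

# Demo on the constructed sample: entry 0002 is tried before the disk.
sample_efibootmgr | usb_before_disk
```

On a real system the function would be fed with `efibootmgr -v | usb_before_disk`; an empty result means no active USB entry is ordered ahead of the internal disk.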