The matter of UEFI’s Secure Boot vs Legacy Boot was briefly discussed a 
couple of days ago. I would like to ask the List’s opinion concerning our case.

A bit of history. We’ve been researching the malicious hypervisor threat 
since 2013. We finally developed the publicly available HyperCatcher freeware. It 
runs on a specially built Ubuntu 14.4. We tried CentOS 6/7 as well. The OS was 
compiled to minimize the number of services and OS features to only those essential 
to the application. The software is a bootable ISO image.

The problem. As of today, we recommend switching to the Legacy option before 
booting. Our attempts to find out how to boot in Secure were unsuccessful. I 
believe that it is not possible if Secure Boot functions correctly. Does 
anybody know (except by hacking the UEFI firmware and utilizing a nice 0-day) if 
boot-up is still possible in Secure Boot? We have tried a few Dell models so far. 
What could we add to the bootable image so that Secure Boot considers it OK?

There is yet another small issue of Ubuntu output messages while booting, which 
you can see if you try to use and boot our software. Such “leftovers” are not 
really important but are a bit disturbing to people who use our software. Is there 
anything like compilation option etc. we can use to block Ubuntu boot-up screen 

One technical note on our research. We experimented with the VMware hypervisor 
(CentOS 6/7 and Ubuntu 14 OS as operating environment as well). The conclusion 
is that a well-designed hypervisor adds less than one percent (0.7% in most 
cases) of current CPU utilization. For instance, 100% utilization means 99.3% 
user software and 0.7% the hypervisor. You can use your system for years but 
will never notice that a hypervisor runs below your OS. It can come from 
anywhere and even from your motherboard firmware.

Mikhail Utin, CISSP

Rubos, Inc.

CentOS mailing list
