Le 04/03/2016 12:10, Arnt Gulbrandsen a écrit :
Simon Hobson writes:
Isn't it the bootloader that UEFI loads and runs, and as long as the
bootloader (Grub) is signed, then UEFI should boot it and grub can
boot anything you want. Kind of blasts the argument that secure boot
is either essential or secure out of the water when you can sign one
bit of "insecure"* code and have it load anything.
I wonder if you misunderstand, perhaps...
I have a linux laptop with data you shouldn't access. You may assume
it's sensibly configured (secure boot, luks, etc, but standard
hardware, no epoxy). Can you explain to me how you would evade its
security? I'm not interested in how I could misconfigure it, because
I'm not worried about attacks by myself. Assuming I configured it
sensibly, how would you either access the data or install
password-sniffing software?
Arnt
Insert a Knoppix Cdrom, mount your home and read it. If UEFI
refuses to boot the Knoppix disk, use the Debian installer.
I can see two ways to protect data: protect the laptop, or crypt
the data.
Didier
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng