On Sat, Jun 16, 2012 at 12:22:24PM +0300, Maxim Kammerer wrote:
> On Fri, Jun 15, 2012 at 3:01 PM, Rich Freeman <[email protected]> wrote:
> > I think that anybody that really cares about security should be
> > running in custom mode anyway, and should just re-sign anything they
> > want to run.  Custom mode lets you clear every single key in the
> > system from the vendor on down, and gives you the ability to ensure
> > the system only boots stuff you want it to.
> 
> I have several questions, that hopefully someone familiar with UEFI
> Secure Boot is able to answer. If I understand UEFI correctly, the
> user will need to not just re-sign bootloaders, but also the
> OS-neutral drivers (e.g., UEFI GOP), which are hardware-specific, and
> will be probably signed with Microsoft keys, since the hardware vendor
> would otherwise need to implement expensive key security measures — is
> that correct?

Huh?  No, why would a user need to re-sign the UEFI drivers?  Those
"live" in the BIOS and are only used to get the machine up and running
in UEFI space, before UEFI hands the control off to the bootloader it
has verified is signed with a correct key.

> If the user does not perform this procedure (due to its
> complexity and/or lack of tools automating the process), is it
> possible for an externally connected device to compromise the system
> by supplying a Microsoft-signed blob directly to the UEFI firmware,
> circumventing the (Linux) OS?

Again, what?  Please explain.

> Is it possible to develop an automatic
> re-signing tool — i.e., does the API support all needed features
> (listing / extracting drivers, revoking keys, adding keys, etc.)?

What API?  The signing tool is public, and no, it doesn't add keys,
that's up to the BIOS to do, not the userspace tool.

confused,

greg k-h
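The thread talks about clearing and re-populating the Secure Boot key databases (PK, KEK, db) in custom mode and about "listing" what is enrolled. Whatever tool does that has to read the EFI_SIGNATURE_LIST layout those variables are stored in, so here is an added parser for it (example code written for this page, not part of the thread or of any signing tool mentioned in it). The signature-type GUIDs are the ones defined in the UEFI specification; the owner GUID, the hashes and the "certificate" bytes in the sample are constructed placeholders, and `read_efivar` assumes the Linux efivarfs convention of a 4-byte attribute word in front of the variable data.

```python
import struct
import uuid

# Signature-type GUIDs as defined by the UEFI specification for
# EFI_SIGNATURE_LIST entries; db/KEK/PK contents are built from these.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPE_NAMES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}

# EFI_SIGNATURE_LIST header: SignatureType GUID, SignatureListSize,
# SignatureHeaderSize, SignatureSize (all little-endian).
HEADER_FMT = "<16sIII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 28 bytes


def parse_signature_lists(data: bytes):
    """Walk concatenated EFI_SIGNATURE_LIST structures (the raw value of
    db, dbx, KEK or PK) and return (type_name, owner_guid, payload) tuples.
    Every size field is checked against the buffer before it is trusted."""
    entries = []
    off = 0
    while off < len(data):
        if len(data) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = struct.unpack_from(HEADER_FMT, data, off)
        if list_size < HEADER_LEN + hdr_size or off + list_size > len(data):
            raise ValueError("SignatureListSize inconsistent with buffer")
        if sig_size <= 16:
            raise ValueError("SignatureSize leaves no data after SignatureOwner")
        body = data[off + HEADER_LEN + hdr_size : off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature array is not a multiple of SignatureSize")
        sig_type = uuid.UUID(bytes_le=raw_type)  # EFI GUIDs use mixed-endian layout
        type_name = SIG_TYPE_NAMES.get(sig_type, str(sig_type))
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i : i + 16])  # EFI_SIGNATURE_DATA.SignatureOwner
            entries.append((type_name, owner, body[i + 16 : i + sig_size]))
        off += list_size
    return entries


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, payloads):
    """Serialize one EFI_SIGNATURE_LIST with no SignatureHeader. Used here to
    construct sample input; real values come from the firmware variables."""
    sizes = {len(p) for p in payloads}
    if len(sizes) != 1:
        raise ValueError("all signatures in one list must have the same size")
    sig_size = 16 + sizes.pop()
    body = b"".join(owner.bytes_le + p for p in payloads)
    header = struct.pack(HEADER_FMT, sig_type.bytes_le, HEADER_LEN + len(body), 0, sig_size)
    return header + body


def read_efivar(path: str) -> bytes:
    """Read a variable from efivarfs; the first 4 bytes are the attribute word
    (assumption: Linux efivarfs layout), the rest is the variable data."""
    with open(path, "rb") as f:
        return f.read()[4:]


def summarize(data: bytes):
    """Compact view of an enrolled database: type, owner GUID, payload length."""
    return [(t, str(o), len(s)) for t, o, s in parse_signature_lists(data)]


# Constructed sample: a fake owner GUID, two dummy SHA-256 hashes and a
# placeholder instead of real DER certificate bytes.
SAMPLE_OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")
SAMPLE_DB = build_signature_list(
    EFI_CERT_SHA256_GUID, SAMPLE_OWNER, [b"\x11" * 32, b"\x22" * 32]
) + build_signature_list(
    EFI_CERT_X509_GUID, SAMPLE_OWNER, [b"placeholder-der-certificate-bytes"]
)

if __name__ == "__main__":
    for entry in summarize(SAMPLE_DB):
        print(entry)
```

On a Linux machine booted under UEFI the same parser can be pointed at the live databases, e.g. `summarize(read_efivar("/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"))`, which is the quickest way to see whose x509 certificates and which hashes the firmware currently trusts before deciding what to clear in custom mode.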
