On 13/11/2016 23:03, Greg Freemyer wrote:
On Sun, Nov 13, 2016 at 12:48 PM, Tony Su <[email protected]> wrote:
Probably not possible, but a simple Google search returns these hits...
A Windows RT Jailbreak tool
http://forum.xda-developers.com/showthread.php?t=2092158
A jailbreak is basically a piece of malware that leverages a
vulnerability to grant Administrator (root) privileges to a
non-privileged user. As the vulnerabilities are found by developers
or jailbreaks, the OS providers create security patches to keep them
from working. Microsoft has worked hard to keep there from being any
well known vulnerabilities in Windows RT. With Android, the
vulnerabilities often exist for years at a time on any given
phone/tablet.
Anyway, the 2013 jailbreak you linked to long since quit being useful
on a Surface RT with an updated OS. In particular, that one only ever
worked with RT 8. RT 8.1 was released a couple years ago and the
Surface RT I'm trying to access has already been upgraded to RT 8.1
Sorry, I haven't actually read the link above, but rather assumed it was
this leak:
http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/
You can try turning off "secure boot" in your BIOS settings
http://venturebeat.com/2013/02/06/yes-you-can-run-linux-on-your-microsoft-surface-pro/
A Surface Pro is just a fancy Intel laptop. All the normal Intel
laptop solutions work. I'm not overly concerned with the Pros at this
point.
And, applying general principles without at all looking at how an RT
boots, I'd assume that it should be possible to chainload the Windows
bootloader like x86 Windows. This assumes that the RT bootloader is
likely the same as x86 Windows bootloaders so can be modified the same
way. Don't know why there are no hits of anyone trying to do this.
I don't claim to understand Arm bootloaders in general or the RT
bootloader specifically, but what I've read is it implements the UEFI
secure boot feature and there is no way to disable it.
There is a way to tell it to boot from a USB drive, but I would need
to have a functioning Arm kernel that was signed by a legal MS key for
it to work.
Thus my asking if any of the openSUSE Arm kernels are signed with an
MS key. BTW: I believe the openSUSE Intel kernels are signed with a
MS key, so it isn't out of the question for the Arm keys to be.
fyi: There is a signed Windows RT Rescue kernel. I've successfully
booted it, but it continues to refuse to run any apps not signed with
a MS key. If I have a copy of dd for the RT/arm architecture that was
signed by a MS key, I'd be done. All I want to do is make a copy of
the SSD. The equivalent of dd if=/dev/sda of=image_file.
With the link above you might be able to get to your goal, right? :)
Alex
--
To unsubscribe, e-mail: [email protected]
To contact the owner, e-mail: [email protected]
