Re: [RFC] First attempt at kernel secure boot support

2012-10-01 Thread Pavel Machek
On Tue 2012-09-04 17:12:56, Matthew Garrett wrote: > On Tue, Sep 04, 2012 at 05:08:53PM +0100, Alan Cox wrote: > > On Tue, 4 Sep 2012 11:55:06 -0400 > > Matthew Garrett wrote: > > > > > The UEFI Secure Boot trust model is based on it not being possible for a > > > user to cause a signed OS to

Re: [RFC] First attempt at kernel secure boot support

2012-09-04 Thread Matthew Garrett
On Tue, Sep 04, 2012 at 05:08:53PM +0100, Alan Cox wrote: > On Tue, 4 Sep 2012 11:55:06 -0400 > Matthew Garrett wrote: > > > The UEFI Secure Boot trust model is based on it not being possible for a > > user to cause a signed OS to boot an unsigned OS > > Unfortunately you can't fix this at

Re: [RFC] First attempt at kernel secure boot support

2012-09-04 Thread Alan Cox
On Tue, 4 Sep 2012 11:55:06 -0400 Matthew Garrett wrote: > The UEFI Secure Boot trust model is based on it not being possible for a > user to cause a signed OS to boot an unsigned OS Unfortunately you can't fix this at kernel level because an untrusted application can at GUI level fake a

[RFC] First attempt at kernel secure boot support

2012-09-04 Thread Matthew Garrett
The UEFI Secure Boot trust model is based on it not being possible for a user to cause a signed OS to boot an unsigned OS, even if that user has administrative privileges. This is an initial attempt at a set of patches to reduce root's ability to modify the kernel. We've done this with an
