:: Re: [DNG] UEFI Secure Boot workarou…
Top Page
This message is part of the following thread:
M---+\the complete thread tree sorted by date
M-+\MMSimon Hobson at <-
M\MMMDidier Kryn at ->
Delete this message
Reply to this message
Author: Arnt Gulbrandsen
Date:  
To: dng
Subject: Re: [DNG] UEFI Secure Boot workaround?
Simon Hobson writes:
> Isn't it the bootloader that UEFI loads and runs, and as long
> as the bootloader (Grub) is signed, then UEFI should boot it and
> grub can boot anything you want. Kind of blasts the argument
> that secure boot is either essential or secure out of the water
> when you can sign one bit of "insecure"* code and have it load
> anything.

I wonder if you misunderstand, perhaps...

I have a linux laptop with data you shouldn't access. You may assume it's
sensibly configured (secure boot, luks, etc, but standard hardware, no
epoxy). Can you explain to me how you would evade its security? I'm not
interested in how I could misconfigure it, because I'm not worried about
attacks by myself. Assuming I configured it sensibly, how would you either
access the data or install password-sniffing software?

Arnt


This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] UEFI Secure Boot workaround?Re: [DNG] UEFI Secure Boot workaround?->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)