:: Re: [DNG] UEFI Secure Boot workarou…
Forside
Slet denne besked
Besvar denne besked
Skribent: Didier Kryn
Dato:  
Til: dng
Emne: Re: [DNG] UEFI Secure Boot workaround?
Le 04/03/2016 12:10, Arnt Gulbrandsen a écrit :
> Simon Hobson writes:
>> Isn't it the bootloader that UEFI loads and runs, and as long as the
>> bootloader (Grub) is signed, then UEFI should boot it and grub can
>> boot anything you want. Kind of blasts the argument that secure boot
>> is either essential or secure out of the water when you can sign one
>> bit of "insecure"* code and have it load anything.
>
> I wonder if you misunderstand, perhaps...
>
> I have a linux laptop with data you shouldn't access. You may assume
> it's sensibly configured (secure boot, luks, etc, but standard
> hardware, no epoxy). Can you explain to me how you would evade its
> security? I'm not interested in how I could misconfigure it, because
> I'm not worried about attacks by myself. Assuming I configured it
> sensibly, how would you either access the data or install
> password-sniffing software?
>
> Arnt


     Insert a Knoppix Cdrom, mount your home and read it. If UEFI 
refuses to boot the Knoppix disk, use the Debian installer.


     I can see two ways to protect data: protect the laptop, or crypt 
the data.


     Didier