:: Re: [DNG] UEFI Secure Boot workarou…
Top Page
Delete this message
Reply to this message
Author: Rainer Weikusat
Date:  
To: dng\@lists.dyne.org
Subject: Re: [DNG] UEFI Secure Boot workaround?
Didier Kryn <kryn@???> writes:
> Le 04/03/2016 12:42, Arnt Gulbrandsen a écrit :
>> Didier Kryn writes:
>>>     Insert a Knoppix Cdrom, mount your home and read it. If UEFI
>>> refuses to boot the Knoppix disk, use the Debian installer.

>>
>> Mounting the home (using either knoppix or d-i) requires the luks
>> passphrase. You could get that passphrase if you're able to install
>> a keysniffing kernel that my boot loader trusts, and give me the
>> laptop back. Or perform some other attack that either bypasses luks
>> or obtains the password.
>>
>> Arnt
>>
>     Booting from removable media bypasses the bootloader (does it
> bypass UEFI?). Therefore it is enough to have a live OS on removable
> media, equipped with this keysniffing kernel. But, sure, as
> Dr. Nikolaus Klepp writes, it suffices to plug the disk into another
> computer.

>
>     I wonder if this UEFI thingy is anything else than a pure annoyance.


It's designed to be useful to the people "PC hardware vendors" have a
reason to care for, IOW, Microsoft, Microsoft and Microsoft. Probably
for no more nefarious reasons make "software and content
'piracy'" more difficult by ensuring that "ordinary users" can't run
software enabling them to do so.

That it additionally requires some amount of "jailbreaking" in order to
install "Linux system software" the usual suspects disapprove of is
probably just a side effect.

BTW,

https://citp.princeton.edu/research/memory/