Software does not boot in Secure Boot




The matter of UEFI’s Secure Boot vs Legacy Boot was briefly discussed a couple of days ago. I would like to ask the List’s opinion concerning our case.

A bit of history. We’ve been researching the malicious hypervisor threat since 2013. We finally developed the publicly available HyperCatcher freeware. It runs on a specially built Ubuntu 14.4. We tried CentOS 6/7 as well. The OS was compiled to minimize the number of services and OS features to only those essential to the application. The software is an ISO bootable image.

The problem. As of today, we recommend switching to the Legacy option before booting. Our attempts to find out how to boot in Secure Boot were unsuccessful. I believe that it is not possible if Secure Boot functions correctly. Does anybody know (except by hacking the UEFI firmware and utilizing a nice 0-day) if boot-up is still possible in Secure Boot? So far we have tried a few Dell models. What could we add to the bootable image so that Secure Boot considers it OK?

There is yet another small issue: the Ubuntu output messages while booting, which you can see if you try to use and boot our software. Such “leftovers” are not really important but are a bit disturbing to people who use our software. Is there anything like a compilation option etc. we can use to block the Ubuntu boot-up screen output?

One technical note on our research. We experimented with the VMware hypervisor (with CentOS 6/7 and Ubuntu 14 as the operating environment as well). The conclusion is that a well-designed hypervisor adds less than one percent (0.7% in most cases) of current CPU utilization. For instance, 100% utilization means 99.3% user software and 0.7% the hypervisor. You can use your system for years but will never notice that a hypervisor runs below your OS. It can come from anywhere, even from your motherboard firmware.



Mikhail Utin, CISSP

Rubos, Inc.

mutin@xxxxxxxxx

mikhailutin@!hotmail.com
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



