On Thu, Nov 1, 2012 at 10:46 AM, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote: >> Imagine you run windows and you've never heard of Linux. > > To those people I think you mean "never heard of Ubuntu" ;-) :-) > With all the current posted RH patches I can still take over > the box as root trivially enough and you seem to have so far abolished > suspend to disk, kexec and a pile of other useful stuff. To actually lock > it down you'll have to do a ton more of this. I'm guessing those writing the patches would like to hear about these. Suspend to disk and kexec can probably both be fixed up to work... > Actually from what I've seen on > the security front there seems to a distinct view that secure boot is > irrelevant because Windows 8 is so suspend/resume focussed that you might > as well just trojan the box until the next reboot as its likely to be a > couple of weeks a way. Bit of a straw man isn't it? Hey, don't fix A, I can do B! I'm not saying you're wrong, nor that maybe online attacks which don't persist across reboot wouldn't be more likely, but they aren't attacking the same problem. (I haven't heard any progress on what you point out, but at least we have some progress on some small class of boot time persistent attacks) -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html