On Thu 2012-11-01 15:02:25, Chris Friesen wrote:
> On 11/01/2012 02:27 PM, Pavel Machek wrote:
>
> >Could someone write down exact requirements for Linux kernel to be signed by Microsoft?
> >Because that's apparently what you want, and I don't think crippling kexec/suspend is
> >enough.
>
> As I understand it, the kernel won't be signed by Microsoft.
> Rather, the bootloader will be signed by Microsoft and the vendors
> will be the ones that refuse to sign a kernel unless it is
> reasonably assured that it won't be used as an attack vector.

Yes. So can someone write down what "used as an attack vector" means?

Because, AFAICT, Linux kernel is _designed_ to work as an attack
vector. We intentionally support wine, and want to keep that support.

> With secure boot enabled, then the kernel should refuse to let an
> unsigned kexec load new images, and kexec itself should refuse to
> load unsigned images. Also the kernel would need to sign its
> "suspend-to-disk" images and refuse to resume unsigned images.

I believe that attacking Windows using wine is easier than using
suspend-to-disk.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html