On Fri, Nov 02, 2012 at 11:38:23PM +0000, James Bottomley wrote: > On Fri, 2012-11-02 at 18:04 +0000, Matthew Garrett wrote: > > A user runs a binary that elevates itself to admin. Absent any flaws in > > Windows (cough), that should be all it can do in a Secure Boot world. > > But if you can drop a small trusted Linux system in there and use that > > to boot a compromised Windows kernel, it can make itself persistent. > > We seem to be talking past each other. Assume you managed to install a > Linux boot system on the windows machine. If the linux boot requires > present user on first boot (either because the key of the bootloader > isn't in db or because the MOK database isn't initialised), you still > don't have a compromise because the loader won't start automatically. Why would an attacker use one of those Linux systems? There's going to be plenty available that don't have that restriction. -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
