On Tue, Jun 28, 2022 at 08:42:43AM +0200, Vitaly Zaitsev via devel wrote:
On 27/06/2022 21:18, Sharpened Blade via devel wrote:
> Also, even when you cant remove Microsoft keys, you can still use the shim.
If you can't remove Microsoft keys, you're nullifying the whole purpose of
secure boot, because anyone can use a signed shim to boot whatever they
want.
That's thinking about the problem from the wrong point of view. SecureBoot
doesn't prevent an attacker from booting an OS that's different from what
you installed, even without shim they could swap to a different Windows
install. What SecureBoot does is to provide a mechanism to assert that
what has booted matches the original install, and securely tie that
condition to the release of secrets for example to LUKS key.
IOW, the ability to boot another OS is degraded to merely a denial of
service, not a data compromise, because the other OS will be prevented
from accessing the encrypted disk.
The ability to install your own keys, removing Microsoft keys, adds an
additional layer that does let you lock down the machine further, but
even without that it is still a useful technology [1].
With regards,
Daniel
[1] at least it could be except for the huge problem of not securing the
initrd that we have. That's not a secure boot problem though, that's
a Linux vendor problem
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|