UEFI bootkit

[Alan Cox]

> The proper way to do this is to issue a unique key for each board
> that has the private signing key included for the users who wish to
> add personally signed software. Their key does not work on any other
> machine, of course. Distros could sign their material. And if the user
> wishes to recompile a kernel they can sign it with their own key and
> still boot with it.

While they made a right mess of it and IMHO tried to play ugly cynical
games (and still are on ARM) the underlying concern isn't entirely bogus.
The signing extends through the system including all the firmware. That
means that the firmware you get is the firmware the vendor intended you
to get which cuts out an interesting (and it seems growing) like of
attacks based upon shipping people computers with trojaned firmware.

Now given a lot of this will be built in countries that the USA doesn't
trust, by people they don't trust I'm not sure what impact it will have
on the really "interesting" uses of such technology, but it cuts out some
stuff.

And there is a real issue because as other security improves and systems
with interesting stuff on become highly isolated firmware attacks and
shipping people "pre trojanned" systems into banks etc becomes a rather
attractive attack model.

Alan