UEFI bootkit
Eddie G. O'Connor Jr.
eoconnor25 at gmail.com
Fri Sep 21 01:56:13 UTC 2012
On 09/20/2012 08:24 AM, jdow wrote:
> On 2012/09/20 04:45, Matthew Miller wrote:
>> On Thu, Sep 20, 2012 at 04:29:47AM -0700, jdow wrote:
>>> That is why I like my unique to the machine key that is supplied to the
>>> user along with the board serial number. So he can make changes. But
>>> the
>>> changes for his system cannot affect other systems. That would make
>>> custom signed Linux kernels possible for a person testing kernel builds
>>> or compiling in obscure filesystems, such as I do from time to time.
>>
>> You will be able to do this -- at least, on x86. Some lobbying on the
>> ARM
>> front is needed.
>>
>> It won't be a key that's supplied to the user, though. The user will
>> be able
>> to add their own.
>
> As long as the key is unique to one single machine the idea is sound
> except for the "user too stupid to live" cases.
>
> {^_^}
LoL!....I agree!
EGO II
More information about the users
mailing list