UEFI bootkit
JD
jd1008 at gmail.com
Fri Sep 21 02:38:53 UTC 2012
On 09/20/2012 07:56 PM, Eddie G. O'Connor Jr. wrote:
> On 09/20/2012 08:24 AM, jdow wrote:
>> On 2012/09/20 04:45, Matthew Miller wrote:
>>> On Thu, Sep 20, 2012 at 04:29:47AM -0700, jdow wrote:
>>>> That is why I like my unique to the machine key that is supplied to
>>>> the
>>>> user along with the board serial number. So he can make changes.
>>>> But the
>>>> changes for his system cannot affect other systems. That would make
>>>> custom signed Linux kernels possible for a person testing kernel
>>>> builds
>>>> or compiling in obscure filesystems, such as I do from time to time.
>>>
>>> You will be able to do this -- at least, on x86. Some lobbying on
>>> the ARM
>>> front is needed.
>>>
>>> It won't be a key that's supplied to the user, though. The user will
>>> be able
>>> to add their own.
>>
>> As long as the key is unique to one single machine the idea is sound
>> except for the "user too stupid to live" cases.
>>
>> {^_^}
>
What is it that will check "uniqueness" of the key?
Over the internet? Check with what/who ?
Thanx,
JD
More information about the users
mailing list