Circumventing kernel signing
Mitch Bradley
wmb at laptop.org
Thu Jan 3 02:52:42 EST 2008
At some point, when these fairly obvious loopholes that we have known
about since forever are closed, we plan to change the key so new
machines will only run the more secure OS versions. Old machines will
continue to be vulnerable until they are upgraded to new firmware with
the new key, and some old machines may always be vulnerable.
Meanwhile, I reiterate my earlier claim that a no-modules kernel will be
easier to secure. Even if you require signed modules, the extra
complexity creates attack opportunities. Each additional door is an
ingress opportunity.
Asheesh Laroia wrote:
> On Thu, 3 Jan 2008, John Richard Moser wrote:
>
>
>> I did not address the mass of other crap you could do to the system with
>> root. I was only addressing evading the OFW security implementation for
>> only booting signed OSes.
>>
>
> Here's another vector:
>
> 1. On a laptop that comes from the factory with the above security holes
> fixed, install a current (as of Jan 2 2008) signed release (which is
> signed with the same key, and therefore okay according to the XO)
>
> 2. Notice that it has (at least) the security holes described in this
> thread.
>
> 3. kexec or modprobe your way to a different OS!
>
> (4. Profit!)
>
> -- Asheesh.
>
>