On Monday, 13 June 2016, Adam Borowski wrote:
> On Mon, Jun 13, 2016 at 09:14:00PM +0200, Edward Bartolo wrote:
> > But I still am convinced with a signed kernel one can still use it to
> > boot any installed OS. My reasoning goes like this: once the signed
> > kernel boots, it would be in control of the machine. A running kernel
> > can be used to run any executable provided the latter is coded for the
> > same machine architecture. So, the boot procedure would first consist
> > of UEFI loading the signed kernel, the kernel then loads a bootloader
> > like GRUB*.
>
> Not anymore. Any syscalls and devices that can be used to subvert the
> system by its owner, even as root, are disabled when Secure Boot is in
> use. So sorry, no kexec or loading a bootloader module unless the kernel
> being kexeced is itself signed.
>

Broken computers for a broken world.

-- 
Please do not email me anything that you are not comfortable also sharing with the NSA.
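
The restriction described in the quoted reply can be checked on a running system. The following is an added example, not part of the original message: shell functions that read the Secure Boot EFI variable, the kernel lockdown mode and the `kexec_load_disabled` sysctl, and report whether an unsigned kernel could still be loaded with kexec. Assumptions: the optional root-prefix argument is introduced here so the checks can run against a copied tree, and `/sys/kernel/security/lockdown` exists only on mainline kernels 5.4 and later (older distribution kernels carried the restriction as out-of-tree patches and do not expose this file).

```shell
#!/bin/sh
# Added example. Each function takes an optional root prefix (an assumption of
# this example); with no argument it reads the live system.

# SecureBoot variable in the EFI global variable namespace, as exposed by efivarfs.
SB_VAR="sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Print "enabled", "disabled" or "unknown" (no EFI, or variable unreadable).
secure_boot_state() {
    f="${1:-}/$SB_VAR"
    [ -r "$f" ] || { echo unknown; return; }
    # efivarfs prepends 4 attribute bytes; the 5th byte is the value.
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    case "$v" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print the active lockdown mode (the bracketed word), or "unsupported".
lockdown_mode() {
    f="${1:-}/sys/kernel/security/lockdown"
    [ -r "$f" ] || { echo unsupported; return; }
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f"
}

# Print "no" if kexec_load(2) of an unsigned image is blocked, else "yes".
# Assumes the kernel was built with kexec support at all.
unsigned_kexec_possible() {
    root="${1:-}"
    if [ "$(cat "$root/proc/sys/kernel/kexec_load_disabled" 2>/dev/null)" = 1 ]; then
        echo no; return
    fi
    case "$(lockdown_mode "$root")" in
        integrity|confidentiality) echo no ;;
        *) echo yes ;;
    esac
}
```

Source the file and call the functions without an argument to inspect the running system; a result of `enabled` together with `yes` means Secure Boot is on but the kernel is not enforcing the restriction.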