Hi, I saw this on the list and have concerns:

-------- Original Message --------
On 14 Mar 2024, 6:24 pm, Jan Beulich via Grub-devel <grub-devel@gnu.org> wrote:
On 13.03.2024 16:07, Ross Lagerwall wrote:
>> In addition to the existing address and ELF load types, specify a new
>> optional PE binary load type. This new type is a useful addition since
>> PE binaries can be signed and verified (i.e. used with Secure Boot).

> And the consideration to have ELF signable (by whatever extension to the ELF
> spec) went nowhere?
>
> Jan

If the purpose of signing binaries is to prevent their execution unless they 
are signed by their owner, this is MALWARE unless the end user can replace the 
keys with one of their choosing.
Adding a field to ELF to provide this feature is IMHO asking for trouble
because the key is stored elsewhere and there is nothing to prevent abuse of
this field to deny users their freedom to run code (i.e. by not providing them
the key or a guaranteed mechanism for providing their own).

On that note, why is it such a useful feature to restrict the freedom to run 
code in grub? If grub selects malware to execute, the user must have chosen to 
run it - or grub itself is compromised?

Do you think that locking binaries down is the future for users to ensure their 
own security or it is acceptable for 3rd parties to hide platform keys to lock 
all systems down, even by binary?

I'm not convinced.

Damien Zammit
GNU/Hurd hacker
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
