The State Of Linux Distributions Handling SecureBoot

**mjg59** · 12-28-2012, 01:56 PM

Originally Posted by duby229

MS essentially said... "Lets make up some imaginary boot loader virus so we can fuck linux!"

Windows 8 is still gonna get just as comprimised as every other windows has ever been. And booting linux doesnt have a single damn thing to do with that.

Repeating the same thing over and over doesn't make it true. I've explained why and how this improves security.

**duby229** · 12-28-2012, 02:04 PM

Originally Posted by mjg59

Yeah, we're so fucked that there's already mainstream Linux distributions that boot out of the box on Secure Boot systems.

With MS's blessing.... What about every other linux configuration that is otherwise perfectly valid? You dont get it. If a virus invects MS's bootloader it doesnt mean shit for linux. It's MS's problem.

**duby229** · 12-28-2012, 02:06 PM

Originally Posted by mjg59

Repeating the same thing over and over doesn't make it true. I've explained why and how this improves security.

Visa-versa... You repeating the same crap over and over still doesnt make MS's security flaws a problem that linux has to deal with. It DOESNT improve security for LINUX. It just prevents linux from booting. Period. Which I believe full heartedly that was the entire intention in the first place...

**mjg59** · 12-28-2012, 02:14 PM

Originally Posted by duby229

Visa-versa... You repeating the same crap over and over still doesnt make MS's security flaws a problem that linux has to deal with. It DOESNT improve security for LINUX. It just prevents linux from booting. Period. Which I believe full heartedly that was the entire intention in the first place...

Why do you think these attacks are any less plausible on Linux?

**duby229** · 12-28-2012, 02:16 PM

Originally Posted by mjg59

Why do you think these attacks are any less plausible on Linux?

It doesnt matter. Its not MS's place to decide for linux. period.

If the linux community wants to take the time to derive a solution of there own, they will. If it becomes a large enough problem that action needs taken, it will be taken

**Kano** · 12-28-2012, 02:20 PM

I just want to know if there is a signed shim out there that does not check for a 2nd stage bootloader signature, that would kill all security

**mjg59** · 12-28-2012, 02:27 PM

Originally Posted by duby229

It doesnt matter. Its not MS's place to decide for linux. period.

They didn't. They decided for Microsoft. But, as I explained, there's no way for them to implement this security mechanism without also placing certain requirements on any other trusted binaries that those machines will boot out of the box.

**mjg59** · 12-28-2012, 02:28 PM

Originally Posted by Kano

I just want to know if there is a signed shim out there that does not check for a 2nd stage bootloader signature, that would kill all security

Which is why one doesn't exist.

**duby229** · 12-28-2012, 02:29 PM

Originally Posted by mjg59

They didn't. They decided for Microsoft. But, as I explained, there's no way for them to implement this security mechanism without also placing certain requirements on any other trusted binaries that those machines will boot out of the box.

An imaginary boot loader virus didnt decide nothing.

"Oh my imaginary friend told me I had to do it occifer! STOP IT YOUR STANDING ON HIM!!!"

**mjg59** · 12-28-2012, 02:37 PM

Originally Posted by duby229

An imaginary boot loader virus didnt decide nothing.

https://support.kaspersky.com/viruse...?qid=208280748 - they're not imaginary.
http://www.securelist.com/en/analysi...ws_x64_Bootkit describes one in detail.

Thread: The State Of Linux Distributions Handling SecureBoot

Thread Tools

Search Thread

Display

Posting Permissions