Matthew Garrett On The State Of Boot Security
Matthew Garrett presented this week at the Chaos Computer Club's 32C3 conference about the state of boot security.
Garrett, a well-known Linux kernel developer who has been working on (U)EFI Linux support for years, presented on boot security not just for Linux but also for Windows and OS X. On the state of UEFI Secure Boot, from Matthew's perspective, Windows support is there in "a meaningful way" and it's "good, but not perfect." On the Apple side, there is currently no TPM or Secure Boot support. Users are encouraged not to do anything sensitive from a Mac. Under Linux, the signatures of the initrd aren't verified, which makes some attacks possible. Matthew says Linux is "vulnerable out of the box, but can be configured to be better than Windows."
More details are available via his blog post and the CCC talk video.