From: Florian Weimer
To: Matthew Garrett
Cc: Chris Friesen, Greg KH, David Howells, Linus Torvalds, Josh Boyer, Peter Jones, Vivek Goyal, Kees Cook, keyrings@linux-nfs.org, Linux Kernel Mailing List
Subject: Re: [GIT PULL] Load keys from signed PE binaries
Date: Thu, 28 Feb 2013 20:41:13 +0100
Message-ID: <87d2vkns4m.fsf@mid.deneb.enyo.de>
In-Reply-To: <20130228193023.GA8090@srcf.ucam.org> (Matthew Garrett's message of "Thu, 28 Feb 2013 19:30:23 +0000")
References: <20130221164244.GA19625@srcf.ucam.org> <18738.1361836265@warthog.procyon.org.uk> <20130226005955.GA19686@kroah.com> <20130226023332.GA29282@srcf.ucam.org> <20130226030249.GB23834@kroah.com> <20130226031338.GA29784@srcf.ucam.org> <20130226033156.GA24999@kroah.com> <8738wgsweq.fsf@mid.deneb.enyo.de> <512F7B0E.1030404@genband.com> <20130228193023.GA8090@srcf.ucam.org>
List: linux-kernel@vger.kernel.org

* Matthew Garrett:

>> Would it be possible to have a signed bootloader that allows booting
>> Win8 from within the secure environment, or it could exit the secure
>> environment and run unsigned grub?
>
> What would stop the unsigned grub from installing a firmware hook that
> lies about whether or not Secure Boot is enabled, and then booting
> Windows?

Windows would not have access to the product key because it is stored
in a variable without EFI_VARIABLE_RUNTIME_ACCESS, so WGA and other
checks will fail, and the user will notice.
(Not sure if it is implemented this way; my test machine lost the
firmware-embedded product key after the mainboard was replaced.)
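The attribute Florian refers to, EFI_VARIABLE_RUNTIME_ACCESS, is one bit in the attribute word that every UEFI variable carries; a variable without it is reachable only by the firmware and boot services, never by a running operating system. The following Python is an added example, not code from this thread or from any of its participants. It decodes that attribute word the way Linux's efivarfs exposes it (the first four bytes of each file, little-endian, followed by the payload) and reports whether a variable is visible at runtime at all. The two sample blobs are constructed for the example; the efivarfs path is the standard Linux mount point, and the scan helper simply returns an empty list where that directory does not exist or cannot be read.

```python
"""Decode UEFI variable attributes as exposed by Linux efivarfs.

Added example for this thread (not the kernel's or any participant's code).
The attribute bit values are the EFI_VARIABLE_* flags defined by the UEFI
specification for GetVariable()/SetVariable().
"""
import os
import struct
from typing import List, Tuple

# Attribute bits from the UEFI specification.
EFI_VARIABLE_NON_VOLATILE = 0x00000001
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x00000002
EFI_VARIABLE_RUNTIME_ACCESS = 0x00000004
EFI_VARIABLE_HARDWARE_ERROR_RECORD = 0x00000008
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS = 0x00000010
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020
EFI_VARIABLE_APPEND_WRITE = 0x00000040

ATTRIBUTE_NAMES = {
    EFI_VARIABLE_NON_VOLATILE: "EFI_VARIABLE_NON_VOLATILE",
    EFI_VARIABLE_BOOTSERVICE_ACCESS: "EFI_VARIABLE_BOOTSERVICE_ACCESS",
    EFI_VARIABLE_RUNTIME_ACCESS: "EFI_VARIABLE_RUNTIME_ACCESS",
    EFI_VARIABLE_HARDWARE_ERROR_RECORD: "EFI_VARIABLE_HARDWARE_ERROR_RECORD",
    EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS: "EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS",
    EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS:
        "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS",
    EFI_VARIABLE_APPEND_WRITE: "EFI_VARIABLE_APPEND_WRITE",
}

# Standard Linux mount point for efivarfs (assumed; may be absent on non-UEFI hosts).
EFIVARS_PATH = "/sys/firmware/efi/efivars"


def parse_efivar(blob: bytes) -> Tuple[int, bytes]:
    """Split an efivarfs file image into (attribute word, payload).

    efivarfs prepends a 32-bit little-endian attribute word to the variable data.
    """
    if len(blob) < 4:
        raise ValueError("efivarfs image too short to carry an attribute word")
    (attrs,) = struct.unpack_from("<I", blob, 0)
    return attrs, blob[4:]


def attribute_names(attrs: int) -> List[str]:
    """Return the names of the attribute bits set in `attrs`, lowest bit first."""
    return [name for bit, name in sorted(ATTRIBUTE_NAMES.items()) if attrs & bit]


def runtime_accessible(blob: bytes) -> bool:
    """True if the OS can read this variable after ExitBootServices()."""
    attrs, _ = parse_efivar(blob)
    return bool(attrs & EFI_VARIABLE_RUNTIME_ACCESS)


def scan_efivars(path: str = EFIVARS_PATH) -> List[str]:
    """List variables under efivarfs that are boot-service-only (no runtime access).

    Returns an empty list when the directory is missing or unreadable, so the
    example runs on systems without efivarfs. Individual files that cannot be
    read (permissions, firmware quirks) are skipped.
    """
    try:
        names = os.listdir(path)
    except OSError:
        return []
    boot_only = []
    for name in sorted(names):
        try:
            with open(os.path.join(path, name), "rb") as fh:
                blob = fh.read()
        except (OSError, ValueError):
            continue
        try:
            if not runtime_accessible(blob):
                boot_only.append(name)
        except ValueError:
            continue
    return boot_only


# Constructed sample images (not real firmware variables).
SAMPLE_RUNTIME = struct.pack("<I", EFI_VARIABLE_NON_VOLATILE
                             | EFI_VARIABLE_BOOTSERVICE_ACCESS
                             | EFI_VARIABLE_RUNTIME_ACCESS) + b"visible-to-os"
SAMPLE_BOOT_ONLY = struct.pack("<I", EFI_VARIABLE_NON_VOLATILE
                               | EFI_VARIABLE_BOOTSERVICE_ACCESS) + b"firmware-only"

if __name__ == "__main__":
    for label, blob in (("runtime", SAMPLE_RUNTIME), ("boot-only", SAMPLE_BOOT_ONLY)):
        attrs, payload = parse_efivar(blob)
        print(label, hex(attrs), attribute_names(attrs), payload,
              "runtime_accessible=%s" % runtime_accessible(blob))
    print("boot-service-only variables on this host:", scan_efivars())
```

Note that a variable missing from efivarfs is not evidence that it does not exist: the kernel can only enumerate what the firmware's runtime GetNextVariableName() reports, and variables without EFI_VARIABLE_RUNTIME_ACCESS are exactly the ones it will not report, which is the property the message above relies on.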