Subverting security with kexec (Defeating 'secure' boot)

Posted by tuxchick on Dec 4, 2013 2:28 PM EDT
Matthew Garrett's Journal; By Matthew Garrett 		Mail this story
Print this story

But that's not the most interesting way to use kexec. If you can load arbitrary code into the kernel, you can load anything. Including, say, the Windows kernel. ReactOS provides a bootloader that's able to boot the Windows 2003 kernel, and it shouldn't be too difficult for a sufficiently enterprising individual to work out how to get Windows 8 booting. Things are a little trickier on UEFI - you need to tell the firmware which virtual?physical map to use, and you can only do it once. If Linux has already done that, it's going to be difficult to set up a different map for Windows. Thankfully, there's an easy workaround. Just boot with the "noefi" kernel argument and the kernel will skip UEFI setup, letting you set up your own map.

Why would you want to do this? The most obvious reason is avoiding Secure Boot restrictions

Full Story

  Nav
» Read more about: Story Type: News Story, Security, Tutorial; Groups: Kernel, Linux

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.