Hi Matthew,
I have been thinking about this issue a lot and the only solution I have found that is both good for Linux and Windows would be to ask for the UEFI admin password when attempting to boot from an untrusted kernel.
Once the password has been verified, the kernel could be automatically signed by the TPM and the password would never be asked again.
That should be secure since the UEFI code is signed (no fake window here) and an already-trusted OS is unlikely to suddenly ask for the password by copying the password window's style.
I personally would like something like this to happen instead of the key nightmare we are going to see, but I understand that companies would like to be able to sign one kernel and distribute it to all their clients instead of having to enter the UEFI admin password every time an update occurs.
Is there any silly case I forgot to take into account?
MùPùF (sorry, no account)
Asking for the UEFI admin password before loading an unsigned kernel?
Date: 2012-01-18 08:27 am (UTC)