
On Mon, Nov 18, 2019 at 03:34:46PM +0900, AKASHI Takahiro wrote:
Heinrich,
On Sat, Nov 16, 2019 at 09:10:35PM +0100, Heinrich Schuchardt wrote:
On 11/13/19 1:53 AM, AKASHI Takahiro wrote:
A signature database variable is associated with a specific guid. For convenience, if the user doesn't supply any guid info, "env set|print -e" should complement it.
If secure boot is enforced, users should not be able to change any security relevant variables.
I disagree. In fact, the UEFI specification allows users to modify security database variables if their signatures are verified. For example, "db" must be signed by one of the certificates in PK or KEK, and updating its value should be authenticated in the SetVariable API. That is exactly what my patch #7 does.
Thanks, -Takahiro Akashi
I agree. It must be possible for any user of the EFI subsystem to be able to update db/KEK/PK *if* he provides a valid signature. The thing is that keys are replaced and rerolled, not only because keys were compromised, but also because some policies say it's useful to replace the keys regularly so that attempts to crack the key have less time to be successful. There are more use-cases than that, but what is important is that it's possible to change them, if properly signed.
Thanks, Patrick
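The variable layout and update rules the thread refers to, as an added example in Python that is not part of the original thread nor of U-Boot's own code: which vendor GUID each of PK/KEK/db/dbx lives under (the GUID "env set|print -e" would fill in), which database's certificate may authorize an update to each of them (PK for PK and KEK, PK or KEK for db and dbx), the EFI_SIGNATURE_LIST encoding those variables hold, and the byte string an EFI_VARIABLE_AUTHENTICATION_2 PKCS#7 signature must cover (name, vendor GUID, attributes, EFI_TIME timestamp, new content). The PKCS#7 verification step itself is not implemented here; the owner GUID and the SHA-256 hashes in demo() are constructed sample values.

```python
import struct
import uuid

# Well-known GUIDs and attribute bits from the UEFI specification.
EFI_GLOBAL_VARIABLE_GUID = uuid.UUID("8be4df61-93ca-11d2-aa0d-00e098032b8c")
EFI_IMAGE_SECURITY_DATABASE_GUID = uuid.UUID("d719b2cb-3d3a-4596-a3bc-dad00e67656f")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_VARIABLE_NON_VOLATILE = 0x01
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x02
EFI_VARIABLE_RUNTIME_ACCESS = 0x04
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x20

# Constructed owner GUID for the sample entries below; not a real vendor's.
EXAMPLE_OWNER_GUID = uuid.UUID("11111111-2222-4333-8444-555555555555")

# Vendor GUID each security database variable lives under (what a convenience
# layer can fill in when the user names only "db" or "KEK").
_VENDOR_GUID = {
    "PK": EFI_GLOBAL_VARIABLE_GUID,
    "KEK": EFI_GLOBAL_VARIABLE_GUID,
    "db": EFI_IMAGE_SECURITY_DATABASE_GUID,
    "dbx": EFI_IMAGE_SECURITY_DATABASE_GUID,
}

# Databases whose certificate may sign an update: PK/KEK need PK, db/dbx accept PK or KEK.
_AUTHORIZED_BY = {
    "PK": frozenset({"PK"}),
    "KEK": frozenset({"PK"}),
    "db": frozenset({"PK", "KEK"}),
    "dbx": frozenset({"PK", "KEK"}),
}

def default_vendor_guid(name):
    """Vendor GUID to assume when none is given, or None for other variables."""
    return _VENDOR_GUID.get(name)

def authorizing_databases(name):
    """Databases whose certificates may authorize a write to `name`."""
    return _AUTHORIZED_BY.get(name, frozenset())

def build_signature_list(sig_type, owner, signatures):
    """Serialize one EFI_SIGNATURE_LIST of equal-sized EFI_SIGNATURE_DATA entries."""
    sizes = {len(s) for s in signatures}
    if len(sizes) != 1:
        raise ValueError("all entries in one list must have the same size")
    sig_size = 16 + sizes.pop()            # SignatureOwner GUID + SignatureData
    body = b"".join(owner.bytes_le + s for s in signatures)
    # Header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size) + body

def parse_signature_lists(blob):
    """Parse concatenated EFI_SIGNATURE_LISTs (the value of db/dbx/KEK/PK)."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size < 16:
            raise ValueError("bad SignatureSize")
        start = off + 28 + hdr_size
        span = list_size - 28 - hdr_size
        if span % sig_size:
            raise ValueError("entry area is not a multiple of SignatureSize")
        for e in range(start, start + span, sig_size):
            owner = uuid.UUID(bytes_le=blob[e:e + 16])
            entries.append((sig_type, owner, blob[e + 16:e + sig_size]))
        off += list_size
    return entries

def efi_time(year, month, day, hour=0, minute=0, second=0):
    """16-byte EFI_TIME; Pad1, Nanosecond, TimeZone, Daylight and Pad2 are zero."""
    return struct.pack("<HBBBBBBIhBB", year, month, day, hour, minute, second,
                       0, 0, 0, 0, 0)

def auth2_signed_payload(name, vendor_guid, attributes, timestamp, data):
    """Bytes the PKCS#7 signature in EFI_VARIABLE_AUTHENTICATION_2 must cover."""
    if not attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS:
        raise ValueError("time-based authenticated write attribute not set")
    if len(timestamp) != 16:
        raise ValueError("timestamp must be a 16-byte EFI_TIME")
    return (name.encode("utf-16-le") + vendor_guid.bytes_le
            + struct.pack("<I", attributes) + timestamp + data)

def demo():
    """Build a constructed db value, parse it back and prepare the signed payload."""
    hashes = [bytes([i]) * 32 for i in range(3)]          # constructed SHA-256 values
    db_value = build_signature_list(EFI_CERT_SHA256_GUID, EXAMPLE_OWNER_GUID, hashes)
    attrs = (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
             | EFI_VARIABLE_RUNTIME_ACCESS
             | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
    payload = auth2_signed_payload("db", default_vendor_guid("db"), attrs,
                                   efi_time(2019, 11, 18), db_value)
    return db_value, parse_signature_lists(db_value), payload
```

A SetVariable() implementation would take the payload returned by auth2_signed_payload(), verify the PKCS#7 blob in the EFI_VARIABLE_AUTHENTICATION_2 header against the certificates found by parse_signature_lists() in each database named by authorizing_databases(), and also check that the timestamp is newer than the stored one before accepting the write.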