Highest Voted 'secure-boot' Questions - IT Security Stack Exchange

14

votes

6 answers

What's stopping someone from copying my HDD/SSD?

Let's say I have to leave my computer unattended and turned off for a while with some strangers, is it possible for someone to clone my HDD and SSD data?

boot secure-boot

asked Jul 01 '21 at 13:14

Gem

265
2
4

7

votes

2 answers

Is it possible to make a laptop useless to thieves?

I was robbed... That included my Linux notebook and my company's notebook. Both are encrypted. Mine is encrypted with LVM over LUKS, using a passphrase to unlock the hard drive once the kernel has been started by the UEFI. But Secure Boot was…

tpm uefi secure-boot

asked Apr 12 '20 at 23:39

Cilyan

183
6

3

votes

1 answer

Secure boot after an OTA update confusion

My understanding is that secure boot works by verifying each stage in the boot process before proceeding. So first, UEFI or booting firmware will validate the signature of the bootloader, then kernel, applications etc. before loading. When an OTA…

tpm code-signing updates uefi secure-boot

asked Mar 14 '22 at 05:14

Engineer999

257
1
8

2

votes

1 answer

How do you boot from the network using https?

How do you boot a Linux live image from a CDN using Https as boot protocol? The reason for netbooting using a CDN would be to start fresh with a non persistent operating system image. Booting fresh via the network should make it harder to persist…

linux antimalware boot secure-boot

asked Jul 02 '22 at 14:22

Christian

265
1
3

2

votes

0 answers

How to prevent grub.cfg from breaking the chain of trust?

First some definitions and common understanding. The premise of secure boot is that each binary get's verified before it is loaded. This starts with the firmware in ROM verifying the EFI application. For the case of a Linux boot that EFI…

linux secure-boot grub

asked Sep 30 '21 at 14:39

TheMeaningfulEngineer

163
6

2

votes

2 answers

Secure boot for devices which don't have hardware security element

I understand that Root of Trust is necessary for implementing a secure boot on a device. Root of Trust is strong and trust worthy if this comes from hardware security elements like HSM/TPM/.. So for devices which are not having hardware security…

trust tpm hsm root secure-boot

asked May 13 '21 at 17:35

Akhilesh Gupta

163
9

2

votes

1 answer

Understanding Secure Boot

I'm trying to understand the secure boot process of an OS but there are few points I can't wrap my head around. At a high level, afaik, secure boot ensures that the loaded OS is authenticated by its respective vendor. If an adversary modifies the OS…

authentication operating-systems integrity boot secure-boot

asked Jun 19 '20 at 22:25

SpiderRico

177
5

2

votes

3 answers

How much of the system is secure boot going to cover?

Background: We're developing for a Debian 9.8 system on an x86, but most of us here are more used to dealing with embedded devices. according to wikipedia, secure boot can "secure the boot process by preventing the loading of drivers or OS loaders…

secure-boot

asked Sep 09 '19 at 22:58

user1733212

21
2

2

votes

1 answer

Secure Boot - Usage of blacklist DB

I have been reading up on the details of Secure Boot, in particular the authorized and forbidden databases: Before enabling UEFI Secure Boot (by setting the PK) the white and black lists DB & DBX must be set up with authorized and forbidden…

secure-boot

asked Jun 12 '19 at 15:15

Nubcake

135
5

1

vote

0 answers

How hard is it to modify UEFI nvram if the device is off and the UEFI is locked?

This assumes that: Machine is powered off No UEFI backdoors No Reflashing the firmware No clearing the NVRAM (The point is to modify/read a small amount of NVRAM, instead of resetting it) Device requires password to POST (Enforced by…

disk-encryption memory physical-access uefi secure-boot

asked Jul 22 '22 at 15:50

A-random-nerd

11
2

1

vote

1 answer

Is it possible to allow only a certain secure USB boot media to boot an UEFI system?

I want to restrict all USB boot media from my system, except for a certain USB boot drive that I declare secure via a certain key. Is this possible using UEFI/Secure Boot/TPM? Maybe via TPM? TPM gets a private key and checks if public key on USB…

tpm boot uefi secure-boot trusted-boot

asked Jul 01 '22 at 06:04

JohnnyFromBF

1,413
4
16
23

1

vote

2 answers

TPM Endorsement Key usage in secure and trusted boot

Taking into account a Root of Trust in a device using a TPM. My understanding is that the bootloader, firmware, operating system, applications etc. are all verified on startup by validating signatures with the vendors public key. The TPM Endorsement…

tpm code-signing secure-boot trusted-boot

asked Mar 22 '22 at 09:00

Engineer999

257
1
8

1

vote

0 answers

Is grub implementation of secure boot inherently flawed?

Definitions Grub is the second stage bootloader often found in Linux distributions. shim is the first bootloader ran by the ROM firmware. It is signed by Microsoft. ROM firmware is the code embedded in the hardware which implements the UEFI…

boot uefi secure-boot grub

asked Feb 24 '22 at 16:47

TheMeaningfulEngineer

163
6

1

vote

0 answers

Is it possible for malware to overwrite UEFI code when installing an operating system?

If the ISO file for an operating system is malicious, is it possible for it to overwrite UEFI code when booted (If secure boot is disabled)?

operating-systems uefi secure-boot

asked Feb 19 '22 at 14:16

4389759843759

11
1

1

vote

0 answers

Security implications of automatic signing of kernel modules on Debian/Ubuntu (like VirtualBox does)

In the past, to install VirtualBox on Debian/Ubuntu you needed to sign some kernel modules, otherwise it would not work. The process involved creating a key pair, importing the public key as a MOK (Machine Owner Key) in the firmware, signing the…

ubuntu kernel secure-boot virtualbox

asked Feb 02 '21 at 21:22

reed

15,398
6
43
64

Questions tagged [secure-boot]