grub-devel

Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE


From: Damien Zammit
Subject: Re: [PATCH 1/7] multiboot2: Add load type header and support for the PE binary type
Date: Thu, 14 Mar 2024 08:12:55 +0000

Hi, I saw this on the list and have concerns:

-------- Original Message --------
On 14 Mar 2024, 6:24 pm, Jan Beulich via Grub-devel <grub-devel@gnu.org> wrote:
On 13.03.2024 16:07, Ross Lagerwall wrote:
>> In addition to the existing address and ELF load types, specify a new
>> optional PE binary load type. This new type is a useful addition since
>> PE binaries can be signed and verified (i.e. used with Secure Boot).

> And the consideration to have ELF signable (by whatever extension to the ELF spec) went nowhere?
>
> Jan

If the purpose of signing binaries is to prevent their execution unless they are signed by their owner, this is MALWARE unless the end user can replace the keys with one of their choosing.
Adding a field to ELF to provide this feature is IMHO asking for trouble because the key is stored elsewhere and there is nothing to prevent abuse of this field to deny users their freedom to run code (i.e. by not providing them the key or a guaranteed mechanism for providing their own).

On that note, why is it such a useful feature to restrict the freedom to run code in grub? If grub selects malware to execute, the user must have chosen to run it - or grub itself is compromised?

Do you think that locking binaries down is the future for users to ensure their own security or it is acceptable for 3rd parties to hide platform keys to lock all systems down, even by binary?

I'm not convinced.

Damien Zammit
GNU/Hurd hacker


