If they’ve already got admin privileges, you’re already fucked.
Other OSes like Linux try to maintain this security boundary, though: https://www.man7.org/linux/man-pages/man7/kernel_lockdown.7.html
deleted by creator
You might be right. I think that the Linux kernel doesn’t have an ABI though, so I believe the driver has to be built for the current version of the kernel. I think the idea is also that the driver is signed by the distro, not Microsoft, so the risk of random drivers getting signed accidentally is probably much lower.
Depends, they can also be loaded via DKMS, which may not require it.
deleted by creator
It kinda depends, on custom kernels DKMS can be incredibly helpful. Like for a hardened kernel, a lot of drivers may be loaded via DKMS.
Yeah, it actually looks like Ubuntu leaves the module signing key accessible to root on the filesystem:
https://wiki.ubuntu.com/UEFI/SecureBoot#Security_implications_in_Machine-Owner_Key_management
So root access basically gives you kernel access, if you just sign a malicious kernel module with the MOK.
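A defender's check for the two conditions discussed in this thread (kernel lockdown state and a module signing key left on disk), as an added example that is not part of any comment above. The sysfs path follows the kernel_lockdown(7) interface; the MOK key path is an assumed Ubuntu default that the thread does not give, so adjust it for your system.

```python
import os
import re
import stat

# Assumed locations; neither path appears in the thread itself.
LOCKDOWN_PATH = "/sys/kernel/security/lockdown"
MOK_KEY_PATH = "/var/lib/shim-signed/mok/MOK.priv"


def parse_lockdown(text):
    """Return the active mode from e.g. 'none [integrity] confidentiality'."""
    m = re.search(r"\[(\w+)\]", text)
    return m.group(1) if m else None


def key_exposure(path):
    """Describe an on-disk signing key's permissions, or None if it is absent."""
    try:
        st = os.stat(path)  # run as root so the containing directory is reachable
    except FileNotFoundError:
        return None
    mode = stat.S_IMODE(st.st_mode)
    return {"mode": oct(mode), "owner_uid": st.st_uid,
            "group_or_world_readable": bool(mode & (stat.S_IRGRP | stat.S_IROTH))}


def audit(lockdown_text, key_info):
    """Turn the raw observations into a list of findings (empty means none)."""
    findings = []
    mode = parse_lockdown(lockdown_text) if lockdown_text is not None else None
    if mode is None:
        findings.append("lockdown: state unavailable (lockdown LSM or securityfs missing)")
    elif mode == "none":
        findings.append("lockdown: none, the root/kernel boundary is not enforced")
    if key_info is not None:
        findings.append("mok-key: private key present on disk, mode %s" % key_info["mode"])
        if key_info["group_or_world_readable"]:
            findings.append("mok-key: readable by accounts other than the owner")
    return findings


def read_text(path):
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    result = audit(read_text(LOCKDOWN_PATH), key_exposure(MOK_KEY_PATH))
    print("\n".join(result or ["no findings"]))
```

A key file finding matters only if that key is actually enrolled as a MOK, which `mokutil --list-enrolled` shows.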
That’s just a criticism of the Windows kernel.