There's only one thing, though: UEFI signed boot as implemented by Microsoft
would be useless to those organizations. They need to control the boot process
to allow only the software the organization approves (including the ability to
lock out software signed by Microsoft), while Microsoft's UEFI rules permit the
loading of any software anyone approved by Microsoft permits, including software
not approved by the organization. Those organizations would need the same thing
hobbyists would: complete control over exactly what keys were enrolled in the
hardware plus the ability to generate and enroll their own keys independent of
any outside authority.

And ASLR isn't nearly as effective as it's made out to be. One of the first
things I learned way back when was how to write code that didn't care where it
was loaded in memory. The only attack that ASLR really protects against (where
the randomization can't be trivially worked around) is stack overwriting, and
constraints on the stack and things like NOP slides make ASLR less effective at
protecting the stack than other areas. Case in point: Windows 7. It employs ASLR
plus other more effective measures, yet we don't see any major decrease in
penetrations.

As I said, UEFI's like putting a better lock on the window: it may technically
improve the security of the house, but as long as the burglars are waltzing in
and out of the unlocked front door it's not going to have any real effect.
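To make concrete what "exactly what keys were enrolled in the hardware" means, here is an added Python example (not code from the comment above or from any firmware project) that builds and parses the EFI_SIGNATURE_LIST payload that the Secure Boot KEK and db variables hold, so an auditor can list every owner and certificate actually present. The owner GUID and certificate bytes are constructed placeholders; writing the result into a variable additionally needs the EFI_VARIABLE_AUTHENTICATION_2 envelope, which is out of scope here.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification: marks a signature list
# whose entries are DER-encoded X.509 certificates (usual KEK/db content).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header: SignatureType GUID (16 bytes, mixed-endian),
# then SignatureListSize, SignatureHeaderSize, SignatureSize (LE UINT32).
_ESL_HDR = struct.Struct("<16sIII")
_OWNER_LEN = 16  # each EFI_SIGNATURE_DATA starts with a SignatureOwner GUID


def build_x509_esl(cert_der: bytes, owner: uuid.UUID) -> bytes:
    """Wrap one DER certificate in a single-entry EFI_SIGNATURE_LIST."""
    sig_size = _OWNER_LEN + len(cert_der)      # size of one EFI_SIGNATURE_DATA
    list_size = _ESL_HDR.size + sig_size       # header + the single entry
    header = _ESL_HDR.pack(EFI_CERT_X509_GUID.bytes_le, list_size, 0, sig_size)
    return header + owner.bytes_le + cert_der


def parse_esl(blob: bytes) -> list:
    """Walk concatenated signature lists (as read back from KEK or db) and
    return (type_guid, owner_guid, data) per entry, rejecting bad sizes."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < _ESL_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_raw, list_size, hdr_size, sig_size = _ESL_HDR.unpack_from(blob, off)
        if list_size < _ESL_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        body = blob[off + _ESL_HDR.size + hdr_size:off + list_size]
        if sig_size <= _OWNER_LEN or len(body) % sig_size:
            raise ValueError("bad SignatureSize")
        sig_type = uuid.UUID(bytes_le=type_raw)
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            owner = uuid.UUID(bytes_le=entry[:_OWNER_LEN])
            entries.append((sig_type, owner, entry[_OWNER_LEN:]))
        off += list_size
    return entries


def foreign_owners(blob: bytes, org_owner: uuid.UUID) -> list:
    """Owners in the variable other than the organization's own GUID; an
    empty list means nothing outside the organization has been enrolled."""
    return sorted({o for _, o, _ in parse_esl(blob) if o != org_owner},
                  key=str)
```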