List:       oss-security
Subject:    Re: [oss-security] Plug-and-wipe and Secure Boot semantics
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-12-19 18:08:11
Message-ID: 50D2028B.9090903 () redhat ! com

On 12/19/2012 09:34 AM, Greg KH wrote:
> We don't know what vendors are basing their UEFI bios
> implementation on the open source version, I know there is at least
> one UEFI bios that is not based on the open source version, or so
> it is reported (the BSD license of Tianocore means that we will
> never really know.)
> 
> Determining what machine is running what bios from what company
> that was based on what version of the open source UEFI
> implementation is going to be a huge problem in the long run and
> something that I sure don't want to have to track.
> 
> There have been reported bugs in the Tianocore in the past, I
> don't think they were "security" issues in and of themselves,
> should we be reporting them here to get CVE numbers if they are?

If it's a security issue it should ideally get a CVE so it can be
tracked. I only do Open Source CVE assignments though, for closed
source stuff/etc you'd want to ask cve-assign@mitre.org directly.

> thanks,
> 
> greg k-h


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
