https://bugzilla.novell.com/show_bug.cgi?id=843661 https://bugzilla.novell.com/show_bug.cgi?id=843661#c0 Summary: Need enable kernel module sign to avoid the signed shim to be an attack vector Classification: openSUSE Product: openSUSE Factory Version: 13.1 Beta 1 Platform: x86-64 OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Kernel AssignedTo: kernel-maintainers@forge.provo.novell.com ReportedBy: jlee@suse.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- Need enable kernel module sign to avoid the openSUSE shim/bootloader/kernel to be an attack vector. We need enable the kernel module sign function in openSUSE kernel to avoid attacker use openSUSE shim/bootloader/kernel to attack other OS. Attacker can add the openSUSE zypper repository for install openSUSE shim/bootloader/kernel to system, then boot to the openSUSE kernel that doesn't have kernel module sign function to verify the malicious kernel module. That means the secure boot of this hacked system become invalid. Due to openSUSE will be an attack vector, that may causes the shim of openSUSE will be list in dbx, revoke by Microsoft. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.