https://bugzilla.novell.com/show_bug.cgi?id=842144 https://bugzilla.novell.com/show_bug.cgi?id=842144#c2 Andrey Borzenkov <arvidjaar@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |arvidjaar@gmail.com --- Comment #2 from Andrey Borzenkov <arvidjaar@gmail.com> 2013-09-25 05:20:24 UTC --- I would not call it enhancement ... rather it sounds like honest security issue. We are providing trusted binary that is able to load arbitrary code WITHOUT ANY SECURITY CHECKS. IOW signed grub.efi should really disable any other loader except linuxefi and secured chainloader. I.e. only those loaders that verify payload via shim should be allowed. Of course, this does not solve the problem of unsigned initrd at all, so it just pushes the problem one level up. But as we are not *executing* it, it strictly speaking is not our (grub) problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.