# 3rd Party Kernel Drivers and Security

5 messages · Page 1 of 1 (latest)

torn beacon

So, a couple of questions about 3rd party kernel drivers:
a) Are they part of the secure boot process, aka signed with the secure boot UEFI keys, OR signed with a different key that Microsoft uses?
b) Could not a potentially vulnerable 3rd party kernel driver load malware in ring 0?
c) Could malicious drivers mess with secure boot? (I am guessing not, because it requires either a PK, KEK or DB key signature to add or remove entries.)

true abyss
# torn beacon So a couple questions about 3rd party kernel drivers: a) Are they part of the se...

Fellow nerd; not related to Microsoft, and prob wrong about this:

a) Loaded after the bootloader, so does not require either.
b) Yes, happens all the time, hence why it's bad; look up "bring your own vulnerable kernel driver".
c) I mean it could mess with the kernel right after boot, and essentially do anything that Windows could; it just can't screw with secure boot unless a BIOS bug occurs. But unless you're dual booting, getting a vulnerable kernel driver is almost as bad; you could get all the Windows related keys too, I believe, just not others.

torn beacon
# true abyss Fellow nerd; not related to microsoft, and prob wrong about this: a) Loaded aft...

Thank you for taking the time, man. Let's unpack this:
a) It seems that they are signed by a CA, because there is a list of them in https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules
b) Damn, I did not know it was that bad! Are kernel drivers not checked THOROUGHLY before being signed?
c) I am dual booting with my actual work OS (Linux), and as far as I have seen it can't fuck with secure boot, since secure boot requires either user input on the BIOS side OR Microsoft-signed (from the db or KEK) commands to add keys.

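As an added example (not code from this thread, and not Microsoft's tooling), the script below shows how a defender can consume a block list like the one linked above: it parses the `Deny` file rules out of a WDAC-style policy XML and checks a list of loaded drivers against them. The policy and the driver records are constructed placeholders that only mimic the shape of the real list (the `urn:schemas-microsoft-com:sipolicy` namespace, `Hash` rules and `FileName` + `MinimumFileVersion` rules); the driver names, versions and hashes are made up. Two points are assumptions to verify against the App Control documentation: that a `Deny` rule with `MinimumFileVersion` blocks versions strictly below that value (the real list uses `65535.65535.65535.65535` to mean "all versions"), and that the hashes are Authenticode hashes rather than plain file hashes.

```python
"""Match loaded kernel drivers against a WDAC-style driver block list.

Added example; not from the forum thread or from Microsoft. The policy
below is CONSTRUCTED to mimic the Deny file rules in the recommended
driver block rules XML; every name, version and hash is a placeholder.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

# Namespace used by App Control / WDAC policy XML (SiPolicy documents).
NS = {"p": "urn:schemas-microsoft-com:sipolicy"}

SAMPLE_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
  <FileRules>
    <Deny ID="ID_DENY_EXAMPLE_HASH" FriendlyName="example.sys by hash (constructed)"
          Hash="0011223344556677889900112233445566778899001122334455667788990011" />
    <Deny ID="ID_DENY_EXAMPLE_NAME" FriendlyName="olddrv.sys below 3.0 (constructed)"
          FileName="olddrv.sys" MinimumFileVersion="3.0.0.0" />
    <Deny ID="ID_DENY_EXAMPLE_ALL" FriendlyName="baddrv.sys any version (constructed)"
          FileName="baddrv.sys" MinimumFileVersion="65535.65535.65535.65535" />
  </FileRules>
</SiPolicy>
"""


@dataclass(frozen=True)
class DenyRule:
    rule_id: str
    friendly_name: str
    file_name: Optional[str] = None          # lower-cased for matching
    min_version: Optional[tuple] = None      # parsed dotted version
    file_hash: Optional[str] = None          # lower-cased hex


@dataclass(frozen=True)
class LoadedDriver:
    """One driver as an inventory tool might report it (constructed records)."""
    file_name: str
    version: str
    authenticode_sha256: str  # assumption: block-list hashes are Authenticode hashes


def parse_version(text: str) -> tuple:
    """'3.0.0.0' -> (3, 0, 0, 0); tuples compare component-wise."""
    return tuple(int(part) for part in text.split("."))


def parse_deny_rules(policy_xml: str) -> list[DenyRule]:
    """Extract every <Deny> under <FileRules>; ignore Allow/Signer rules."""
    root = ET.fromstring(policy_xml)
    rules = []
    for deny in root.findall("./p:FileRules/p:Deny", NS):
        min_ver = deny.get("MinimumFileVersion")
        rules.append(DenyRule(
            rule_id=deny.get("ID", ""),
            friendly_name=deny.get("FriendlyName", ""),
            file_name=(deny.get("FileName") or "").lower() or None,
            min_version=parse_version(min_ver) if min_ver else None,
            file_hash=(deny.get("Hash") or "").lower() or None,
        ))
    return rules


def matching_rules(driver: LoadedDriver, rules: list[DenyRule]) -> list[DenyRule]:
    """Return the Deny rules that apply to one driver.

    Assumption: a FileName rule with MinimumFileVersion denies versions
    strictly below that value, so 65535.65535.65535.65535 denies everything.
    """
    hits = []
    name = driver.file_name.lower()
    version = parse_version(driver.version)
    for rule in rules:
        if rule.file_hash and rule.file_hash == driver.authenticode_sha256.lower():
            hits.append(rule)
        elif rule.file_name and rule.file_name == name:
            if rule.min_version is None or version < rule.min_version:
                hits.append(rule)
    return hits


def audit(drivers: list[LoadedDriver], policy_xml: str) -> list[tuple]:
    """(file_name, version, [matching rule IDs]) for each driver, in order."""
    rules = parse_deny_rules(policy_xml)
    return [(d.file_name, d.version, [r.rule_id for r in matching_rules(d, rules)])
            for d in drivers]


# Constructed inventory; only example.sys carries the hash from the policy.
SAMPLE_DRIVERS = [
    LoadedDriver("example.sys", "1.2.3.4",
                 "0011223344556677889900112233445566778899001122334455667788990011"),
    LoadedDriver("olddrv.sys", "2.9.0.0", "aa" * 32),
    LoadedDriver("olddrv.sys", "3.1.0.0", "bb" * 32),
    LoadedDriver("baddrv.sys", "9.9.9.9", "cc" * 32),
    LoadedDriver("gooddrv.sys", "1.0.0.0", "dd" * 32),
]

if __name__ == "__main__":
    for name, version, ids in audit(SAMPLE_DRIVERS, SAMPLE_POLICY):
        status = "BLOCKED by " + ", ".join(ids) if ids else "not in block list"
        print(f"{name} {version}: {status}")
```

On a real system the inventory would come from the loaded-driver list rather than the constructed records, and the hash field would have to be the Authenticode hash of the driver image; a plain SHA-256 of the file will not match hash rules in the policy.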

true abyss
# torn beacon Thank you for taking the time man lets unpack this: a) It seems that they are si...

A) They are signed by Microsoft to install when not disabled for testing in system settings (requires admin, modifies some stuff, and makes sure you know it's an unsecured system).

B) Yes, but after being signed, you can't revoke without an update, and any buffer overflows or other traditional errors are now able to be used by anything to get from admin to ring 0, or, if already installed, from user level to ring 0.

C) Yes, Microsoft traditionally hands out secure boot keys, but that's different from driver signing; Debian has a secure boot key, but not a driver.