Comment 32 for bug 1980018

Grumpus (thegrumpus) wrote :

Steve Langasek (@vorlon) wrote on 2022-09-08:

"I don't know of anything specifically published about this. But the root
issue is that if you load an initramfs, the initramfs is not measured, so
can be modified to steal control of the encrypted disk"

Is there a source to support this statement? As far as I can tell Ubuntu does measure the initramfs into the PCRs, which are in turn utilised to ensure the boot is unmodified.

If it is in fact measured (as, as far as I understand, the various other boot components also are) then can it really be designated a "security theater"?

And if it’s not a "security theater" then this bug should be prioritised surely? (or at least not deprioritised).

There needs to be something authoritative to support the statements being made around "security theatre" and requirements for Unified Kernel Images. As far as I understand, the individual components of the boot can be (and already are in Ubuntu?) measured.
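An added illustration of the point under dispute, not code from the bug thread or from Ubuntu: a simulated TPM 2.0 PCR extend (PCR_new = SHA-256(PCR_old || digest)) over a constructed boot chain, showing that modifying the initramfs changes the PCR, and therefore blocks unsealing of a disk key bound to that PCR, only when the initramfs is actually measured. Component names and contents are constructed sample data.

```python
import hashlib

# Simulated TPM 2.0 PCR extend: the new PCR value is the hash of the old value
# concatenated with the digest being measured. Constructed stand-in for the
# real firmware/bootloader measurement path; not Ubuntu's implementation.
def extend(pcr: bytes, digest: bytes) -> bytes:
    return hashlib.sha256(pcr + digest).digest()

def measure_chain(components, measured):
    """Extend a zeroed PCR with each component whose name is in `measured`.
    Components not in `measured` are simply loaded without being recorded."""
    pcr = bytes(32)
    for name, blob in components:
        if name in measured:
            pcr = extend(pcr, hashlib.sha256(blob).digest())
    return pcr

# Constructed boot chain; the byte strings stand in for real images.
GOOD_CHAIN = [
    ("shim", b"constructed shim image"),
    ("grub", b"constructed grub image"),
    ("kernel", b"constructed kernel image"),
    ("initramfs", b"constructed initramfs"),
]

def with_modified_initramfs(chain):
    """Same chain, but the initramfs contents have been changed."""
    return [(n, b"constructed initramfs, modified" if n == "initramfs" else b)
            for n, b in chain]

def unseal_allowed(policy_pcr, chain, measured):
    """A key sealed to `policy_pcr` unseals only if the boot reproduces it."""
    return measure_chain(chain, measured) == policy_pcr

def demo():
    """Returns whether a modified initramfs still unseals the key, for a
    boot that measures the initramfs and one that does not."""
    all_measured = {"shim", "grub", "kernel", "initramfs"}
    without_initramfs = all_measured - {"initramfs"}
    results = {}
    for label, measured in (("initramfs_measured", all_measured),
                            ("initramfs_unmeasured", without_initramfs)):
        sealed_to = measure_chain(GOOD_CHAIN, measured)  # value at seal time
        results[label] = unseal_allowed(
            sealed_to, with_modified_initramfs(GOOD_CHAIN), measured)
    return results

if __name__ == "__main__":
    print(demo())
```

When the initramfs is measured, the modified boot produces a different PCR and the key stays sealed; when it is not, the PCR is identical and the modification goes unnoticed, which is the gap the earlier comment describes.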