The matter of UEFI's Secure Boot vs Legacy Boot was briefly discussed a
couple of days ago. I would ask the List's opinion concerning our case.
A bit of the history. We've been researching the malicious hypervisor threat
since 2013. We finally developed the publicly available HyperCatcher freeware. It
runs on a specially built Ubuntu 14.4. We tried CentOS 6/7 as well. The OS was
compiled to minimize the number of services and OS features to only those essential to
the application. The software is an ISO bootable image.
The problem. As of today, we recommend switching to the Legacy option before
booting. Our attempts to find out how to boot under Secure Boot were unsuccessful. I
believe that it is not possible if Secure Boot functions correctly. Does anybody
know (excepting hacking the UEFI firmware and utilizing a nice 0-day) if boot-up
is still possible in Secure Boot? So far we tried a few Dell models. What could
we add to the bootable image so that Secure Boot considers it OK?
There is yet another small issue with Ubuntu output messages while booting, which
you can see if you try to use and boot our software. Such "leftovers" are not
really important but are a bit disturbing to people who use our software. Is there
anything like a compilation option etc. we can use to block the Ubuntu boot-up screen
output?
One technical note on our research. We experimented with the VMware hypervisor
(with CentOS 6/7 and Ubuntu 14 as the operating environment as well). The conclusion
is that a well-designed hypervisor adds less than one percent (0.7% in most cases)
of current CPU utilization. For instance, 100% utilization means 99.3% user
software and 0.7% the hypervisor. You can use your system for years but will
never notice that a hypervisor runs below your OS. It can come from anywhere,
even from your motherboard firmware.
Mikhail Utin, CISSP
Rubos, Inc.
mutin at rubos.com
mikhailutin@!hotmail.com
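What Secure Boot checks on the loader in the ISO is an Authenticode signature in the PE/COFF Certificate Table, verified against the firmware's db (or, when chaining through shim, the MOK list); an EFI binary with no such table cannot pass unless its hash is enrolled. As an added example, not code from the original post or from HyperCatcher, the Python below parses a PE/COFF EFI binary and reports whether it carries a Certificate Table at all, using a constructed minimal PE32+ image as input; the function names and the sample image are assumptions, and presence of the table is not validity (sbverify from sbsigntools checks the chain).

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # Certificate Table slot in the data directories
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 SignedData


def authenticode_entry(image: bytes):
    """Return (file_offset, size) of the PE Certificate Table, or None if absent.
    Secure Boot validates the Authenticode signature stored there against db (or
    shim's MOK list); presence alone is not validity, sbverify checks the chain."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE/COFF image")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", image, opt_off)[0]
    # PE32+ (x86_64 EFI) keeps NumberOfRvaAndSizes at +108, PE32 (ia32) at +92.
    count_off = opt_off + {0x20B: 108, 0x10B: 92}[magic]
    count = struct.unpack_from("<I", image, count_off)[0]
    dir_off = count_off + 4 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if count <= IMAGE_DIRECTORY_ENTRY_SECURITY or dir_off + 8 > opt_off + opt_size:
        return None
    off, size = struct.unpack_from("<II", image, dir_off)
    if off == 0 or size == 0:
        return None
    # Unlike other directories this field is a raw file offset, not an RVA.
    if size < 8 or off + size > len(image):
        raise ValueError("certificate table points outside the image")
    length, _rev, ctype = struct.unpack_from("<IHH", image, off)
    if ctype != WIN_CERT_TYPE_PKCS_SIGNED_DATA or length > size:
        raise ValueError("unexpected WIN_CERTIFICATE header")
    return off, size


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ image for demonstration; not a real EFI loader."""
    opt = bytearray(240)                         # PE32+ optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x0002)
    dos = bytearray(b"MZ") + bytes(62)
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew -> PE signature
    headers_len = len(dos) + 4 + len(coff) + len(opt)
    cert = b""
    if signed:
        body = b"\x30\x00" * 8                   # placeholder bytes, not a real PKCS#7 blob
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        struct.pack_into("<II", opt, 112 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, headers_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert
```

Run it against the real `EFI/BOOT/BOOTX64.EFI` extracted from the ISO to see whether the loader was ever signed; if it was not, no firmware setting short of disabling Secure Boot will accept it.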