[syslinux] SYSLINUX PXE LOCALBOOT Bitlockers

Jeff Barron jeffbarron206 at comcast.net
Thu May 1 12:18:17 PDT 2014


Do you mean it can't be circumvented from the perspective of syslinux or TPM? Sadly firmware exploits are rampant. Core Security has good research on this as Phrack...

SMM can be gotten to by far too much. Though if you are targeted by that skill level then going to IC3 might be a good idea.

-------- Original message --------
From: Ian Bannerman <ian at internals.io> 
Date:04/29/2014  2:43 PM  (GMT-05:00) 
To: Gene Cumm <gene.cumm at gmail.com>,"Taylor Jr, Matthew [U.S. Computer Corp]" <matthew.taylor at chevron.com> 
Cc: syslinux at zytor.com 
Subject: Re: [syslinux] SYSLINUX PXE LOCALBOOT Bitlockers 

Any deviation from the expected boot process will prevent BitLocker from accessing the volume key in the TPM. One reason this behavior exists is to prevent malicious code from being loaded (such as via booting first to CD / USB / PXE, loading malware, and then continuing to boot to Windows). So what's happening here is the deviation from firmware -> PXE -> HDD is detected and the volume key is not released.
There is no circumventing this behavior. 
--Ian

> Date: Mon, 28 Apr 2014 16:35:41 -0400
> From: gene.cumm at gmail.com
> To: Matthew.Taylor at chevron.com
> CC: syslinux at zytor.com
> Subject: Re: [syslinux] SYSLINUX PXE LOCALBOOT Bitlockers
> 
> On Mon, Apr 28, 2014 at 4:06 PM, Taylor Jr, Matthew [U.S. Computer
> Corp] <Matthew.Taylor at chevron.com> wrote:
> > Label is OS and I believe they are all booting MBR. Is there a way to clear the memory then continue loading? Or rebooting the machine from the menu.
> 
> No, the entire LABEL stanza including its LOCALBOOT/COM32/KERNEL and
> APPEND lines as applicable.
> 
> -- 
> -Gene
> 
> A: Because it messes up the order in which people normally read text,
> especially the archives of mailing lists.
> Q: Why is Top-posting such a bad thing?
> 
> 
> > -----Original Message-----
> > From: Gene Cumm [mailto:gene.cumm at gmail.com]
> > Sent: Monday, April 28, 2014 1:04 PM
> > To: Taylor Jr, Matthew [U.S. Computer Corp]
> > Cc: syslinux at zytor.com
> > Subject: Re: [syslinux] SYSLINUX PXE LOCALBOOT Bitlockers
> >
> > On Mon, Apr 28, 2014 at 3:37 PM, Taylor Jr, Matthew [U.S. Computer
> > Corp] <Matthew.Taylor at chevron.com> wrote:
> >> Hello;
> >>
> >> I use Bitlocker on my machines and I notice that when I am in my PXE Menu and I select "Boot to Local Hard Drive" it continues on then bitlockers. I am assuming that the syslinux is still in memory, bitlocker is being triggered because of the change. I need a solution to overcome this. I cannot remove bitlocker from the machines.
> >
> > What does your LABEL look like?  Are you booting the MBR or VBR?
> >
> > --
> > -Gene
> 
> _______________________________________________
> Syslinux mailing list
> Submissions to Syslinux at zytor.com
> Unsubscribe or set options at:
> http://www.zytor.com/mailman/listinfo/syslinux
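
The measured-boot behaviour described in Ian's message, modelled as an added example that is not part of the original thread. It is a simplified single-PCR model: the component names, the SHA-256 bank and the `seal`/`unseal` helpers are assumptions for illustration, not the real TPM or BitLocker interface.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(components) -> bytes:
    """Replay a boot chain into one PCR, starting from the reset value."""
    pcr = bytes(32)  # static PCRs are all zeros after platform reset
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def seal(key: bytes, expected_pcr: bytes) -> dict:
    """Model of sealing: the key is bound to the PCR value seen at seal time."""
    return {"key": key, "pcr": expected_pcr}

def unseal(blob: dict, current_pcr: bytes):
    """Release the key only if the current PCR matches the sealed value."""
    if hmac.compare_digest(blob["pcr"], current_pcr):
        return blob["key"]
    return None  # BitLocker would fall back to the recovery prompt here

# Constructed stand-ins for the code measured at each boot stage.
FIRMWARE = b"constructed: platform firmware"
PXE_STAGE = b"constructed: PXE ROM + pxelinux.0"
MBR = b"constructed: disk MBR / Windows boot manager"

NORMAL_BOOT = [FIRMWARE, MBR]             # firmware -> HDD
PXE_LOCALBOOT = [FIRMWARE, PXE_STAGE, MBR]  # firmware -> PXE -> HDD

def demo() -> dict:
    blob = seal(b"constructed-volume-key", measure_chain(NORMAL_BOOT))
    return {
        "normal": unseal(blob, measure_chain(NORMAL_BOOT)),
        "via_pxe": unseal(blob, measure_chain(PXE_LOCALBOOT)),
    }

if __name__ == "__main__":
    for path, key in demo().items():
        print(path, "->", "key released" if key else "key withheld")
```

Because each extend hashes the previous PCR value, the extra PXE measurement cannot be undone by later code, which is why clearing memory before LOCALBOOT does not restore the expected value.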
     