Language Selection

English French German Italian Portuguese Spanish

UEFI secure booting (part 2)

Filed under
Microsoft

Microsoft have responded to suggestions that Windows 8 may make it difficult to boot alternative operating systems. What's interesting is that at no point do they contradict anything I've said. As things stand, Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems. But let's have some more background.

We became aware of this issue in early August. Since then, we at Red Hat have been discussing the problem with other Linux vendors, hardware vendors and BIOS vendors. We've been making sure that we understood the ramifications of the policy in order to avoid saying anything that wasn't backed up by facts. These are the facts:

* Windows 8 certification requires that hardware ship with UEFI secure boot enabled.

* Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option.

* Windows 8 certification does not require that the system ship with any keys other than Microsoft's.

* A system that ships with UEFI secure boot enabled and only includes Microsoft's signing keys will only securely boot Microsoft operating systems.

More here




Also:

An obvious question is why Linux doesn't support UEFI secure booting. Let's ignore the issues of key distribution and the GPL and all of those things, and instead just focus on what would be required. There's two components - the signed binary and the authenticated variables.

Rest of that here

More in Tux Machines

War Thunder on GNU/Linux and More on SteamVR

Leftovers: OSS

Security Leftovers

  • Wednesday's security advisories
  • Smartphones with fingerprint scanners under screen to hit market this year
    The majority of fingerprint scanners can be found either on the back of a smartphone or on the front, embedded in the home button. But it looks like that status quo is soon about to change. According to a report from The Investor, CrucialTec, a manufacturer of fingerprint modules based in South Korea, will launch its on-screen fingerprint scanning solution that allows you to unlock your device by placing a finger on the screen sometime this year. This means that we can expect to see the first smartphones featuring the new fingerprint technology hit the market in 2017. Unfortunately, CrucialTec did not reveal an exact time frame or the smartphone manufacturers it is currently working with.
  • Kaspersky launches 'secure operating system' -- with no trace of Linux in it [Ed: You must be pretty desperate for headlines and attention when your marketing pitch is, "we're not Linux!"]
  • Windows Botnet Spreading Mirai Variant
    A Chinese-speaking attacker is spreading a Mirai variant from a repurposed Windows-based botnet. Researchers at Kaspersky Lab published a report today, and said the code was written by an experienced developer who also built in the capability to spread the IoT malware to Linux machines under certain conditions.
  • Five New Linux Kernel Vulnerabilities Were Fixed in Ubuntu 16.10, 14.04 & 12.04
    We reported earlier that Canonical published multiple security advisories to inform Ubuntu users about the availability of new kernel updates that patch several flaws discovered recently by various developers. We've already told you about the issues that are affecting Ubuntu 16.04 LTS and Ubuntu 16.04.1 LTS (Xenial Xerus) users, so check that article to see how you can update your systems is you're still using the Linux 4.4 LTS kernel. But if you managed to upgrade to Ubuntu 16.04.2 LTS, which uses Ubuntu 16.10 (Yakkety Yak)'s Linux 4.8 kernel, then you need to read the following.
  • Another Linux Kernel Vulnerability Leading To Local Root From Unprivileged Processes

Red Hat News