Why UEFI secure boot is difficult for Linux

I wrote about the technical details of supporting the UEFI secure boot specification with Linux. Despite me pretty clearly saying that this was ignoring issues of licensing and key distribution and the like, people are now using it to claim that Linux could support secure boot with minimal effort. In a sense, they're right. The technical implementation details are fairly straightforward. But they're not the difficult bit.

Secure boot requires that all code that can touch hardware be trusted

Right now, if you can run untrusted code before the OS then you can subvert the OS. Secure boot gives you a mechanism for making sure you only run trusted code, which protects against that. So your UEFI drivers have to be signed, your bootloader has to be signed, and your bootloader must only load a signed kernel. If you've only booted trusted code then you know that your OS is safe. But, unlike trusted boot, secure boot provides no way for you to know that only trusted code was executed. That has to be ensured by OS policy.
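The contrast drawn above, as an added example that is not from the original post: a toy Python model in which a hash allow-list stands in for the firmware's signature check, and trusted boot is modelled as TPM-style measurement into a single PCR. The image names, the `TRUSTED` set and all function names are constructed for illustration.

```python
import hashlib


def digest(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


# Constructed boot chain: stand-ins for a UEFI driver, bootloader and kernel.
CHAIN = [b"uefi-driver-v1", b"bootloader-v1", b"kernel-v1"]
# Assumption: a hash allow-list stands in for real signature verification.
TRUSTED = {digest(img) for img in CHAIN}
# Same chain with one stage swapped for an image that is not on the list.
MODIFIED = [CHAIN[0], b"bootloader-modified", CHAIN[2]]


def secure_boot(chain, enforce=True):
    """Secure boot: gate each stage before it runs.

    Returns the stages that executed. Nothing is recorded anywhere, so the
    booted OS has no evidence of what ran or whether enforcement was on.
    """
    executed = []
    for image in chain:
        if enforce and digest(image) not in TRUSTED:
            break  # refuse to hand control to an untrusted stage
        executed.append(image)
    return executed


def pcr_extend(pcr: bytes, image: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(image))."""
    return hashlib.sha256(pcr + digest(image)).digest()


def measured_boot(chain):
    """Trusted boot: measure every stage, never block. Returns the final PCR."""
    pcr = bytes(32)  # PCR starts as all zeros at reset
    for image in chain:
        pcr = pcr_extend(pcr, image)
    return pcr


if __name__ == "__main__":
    print("secure boot, enforced:  ", secure_boot(MODIFIED))
    print("secure boot, unenforced:", secure_boot(MODIFIED, enforce=False))
    print("PCR matches known-good: ", measured_boot(MODIFIED) == measured_boot(CHAIN))
```

With enforcement on, the modified bootloader never runs; with it off, every stage runs and secure boot leaves nothing behind to show it, while the measured PCR differs from the known-good value either way.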
