Language Selection

English French German Italian Portuguese Spanish

Why UEFI secure boot is difficult for Linux

Filed under
Linux

I wrote about the technical details of supporting the UEFI secure boot specification with Linux. Despite me pretty clearly saying that this was ignoring issues of licensing and key distribution and the like, people are now using it to claim that Linux could support secure boot with minimal effort. In a sense, they're right. The technical implementation details are fairly straightforward. But they're not the difficult bit.

Secure boot requires that all code that can touch hardware be trusted

Right now, if you can run unstrusted code before the OS then you can subvert the OS. Secure boot gives you a mechanism for making sure you only run trusted code, which protects against that. So your UEFI drivers have to be signed, your bootloader has to be signed, and your bootloader must only load a signed kernel. If you've only booted trusted code then you know that your OS is safe. But, unlike trusted boot, secure boot provides no way for you to know that only trusted code was executed. That has to be ensured by OS policy.

Rest here




More in Tux Machines

Do Your Prefer Modern Or Traditional Linux Desktop Environments?

So what kind of Linux desktop environments do you prefer? Do you prefer the modern desktop environments with maybe less flexibility but perhaps better desktop integration and slightly more intuitive or do you like things more traditional with menus and panels? Maybe you don't care so long as you can make it the way you want it. Let me know in the comments below. Read more

illume OS 3 Linux Distro Officially Released, Based on Debian 8.1 "Jessie"

Clarence Siew was very proud Softpedia earlier today, July 4, about the immediate availability for download of the final version of his illume OS 3 distribution based on Debian GNU/Linux. Read more

LibreOffice 5, a foundation for the future

The release of the next major version of LibreOffice, the 5.0, is approaching fast. In several ways this is an unique release and I’d like to explain a bit why. Read more

Samsung Continues to Lessen Android Dependence

Samsung's partnership with members of the Linux Foundation appears to be bearing fruit. The partnership's mobile operating system -- dubbed Tizen -- is Linux-based. Samsung's initial Tizen phone rollout was rocky: The company's highly anticipated Samsung Z launch in Russia was quickly canceled last year, and the company blamed concerns about the ecosystem for the delay. Unfortunately, in many cases, ecosystem development presents a "chicken and egg" problem: Developers won't build apps until you have users, and users won't select your product until you have apps. Read more