
Why UEFI secure boot is difficult for Linux


I wrote about the technical details of supporting the UEFI secure boot specification with Linux. Despite me pretty clearly saying that this was ignoring issues of licensing and key distribution and the like, people are now using it to claim that Linux could support secure boot with minimal effort. In a sense, they're right. The technical implementation details are fairly straightforward. But they're not the difficult bit.

Secure boot requires that all code that can touch hardware be trusted

Right now, if you can run untrusted code before the OS then you can subvert the OS. Secure boot gives you a mechanism for making sure you only run trusted code, which protects against that. So your UEFI drivers have to be signed, your bootloader has to be signed, and your bootloader must only load a signed kernel. If you've only booted trusted code then you know that your OS is safe. But, unlike trusted boot, secure boot provides no way for you to know that only trusted code was executed. That has to be ensured by OS policy.
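The contrast drawn above between secure boot (enforce at load time) and trusted boot (measure and let a verifier decide later), as an added sketch that is not from the original post. Component names and contents are constructed, a hash allow-list stands in for signature verification, and the register update mimics a TPM PCR extend.

```python
import hashlib

# Constructed stand-ins for boot components (not real binaries).
GOOD_CHAIN = [
    ("uefi_driver", b"driver image v1"),
    ("bootloader", b"bootloader image v1"),
    ("kernel", b"kernel image v1"),
]
TAMPERED_CHAIN = GOOD_CHAIN[:2] + [("kernel", b"kernel image v1 + implant")]


def digest(image):
    return hashlib.sha256(image).digest()


# Assumption: an allow-list of image hashes replaces real signature checks.
TRUSTED = {digest(image) for _, image in GOOD_CHAIN}


def secure_boot(chain):
    """Enforce: run each stage only if trusted; stop at the first that is not."""
    executed = []
    for name, image in chain:
        if digest(image) not in TRUSTED:
            break  # refuse to hand over control
        executed.append(name)
    return executed  # demo-only: real secure boot leaves no such record


def trusted_boot(chain):
    """Measure: every stage runs, but is folded into a register first."""
    pcr, log = bytes(32), []
    for name, image in chain:
        d = digest(image)
        pcr = hashlib.sha256(pcr + d).digest()  # extend: new = H(old || d)
        log.append((name, d))
    return pcr, log


def verify_log(pcr, log, trusted):
    """Verifier: replay the log against the register, then judge each entry."""
    replay = bytes(32)
    for _, d in log:
        replay = hashlib.sha256(replay + d).digest()
    return replay == pcr and all(d in trusted for _, d in log)


if __name__ == "__main__":
    print(secure_boot(TAMPERED_CHAIN))
    print(verify_log(*trusted_boot(TAMPERED_CHAIN), TRUSTED))
```

In the enforcing model the untrusted kernel never runs, but nothing afterwards proves that; in the measuring model it runs, and the register value is what lets a verifier detect it.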
