Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under
Linux

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here




More in Tux Machines

Popcorn Time Makes Watching Movies Safer with Integrated VPN

Popcorn Time, an application that lets users stream movies and TV shows directly from torrents without having to download them, has been upgraded to version 0.3.6 and is now available for download. Read more

4MRecover 11.0 Beta OS Can Help Users Recover Lost Files

4MRecover 11.0 Beta, a new distribution based on 4MLinux that is designed to be used specifically for file recovery, is now available for download and testing. Read more

Android Leftovers

Will New Google Android Live TV Outfox Apple?

Google then rolled out its $35 Chromecast dongle, a streaming device, in mid-2013. Google's new Android TV operating system is expected to make it easier for software developers to move apps from mobile devices to TVs. Read more