Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under
Linux

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here




More in Tux Machines

Microsoft vs GNU/Linux

Netflix and GNU/Linux

today's howtos

KDE/Qt

  • Device Tailored Compositors with Qt Wayland at CLAAS E-Systems
    Have you heard about software in cars that run on embedded devices? Do you think that creating such software might be challenging? Well, welcome to a complete new world of complexity, welcome to the world of agriculture machines! For many years, automatic steering (on fields), terminals to control the complex mechanical operations of a self-driving 16 ton combine harvester on a soft ground, and self-optimization systems to optimize any tiny bit of your harvester, are key demands from customers. I, myself, am working at CLAAS E-Systems, the electronics and software department within the CLAAS group. Our group is well known for being among the leading manufacturers for combine harvesters, tractors and forage harvesters.
  • Qt Wayland Is Next Appearing On Tractors & Farm Equipment
    With Qt 5.8's Qt Wayland Compositor Framework taking shape, more developers are beginning to tailor a Qt Wayland compositor to their use-cases. One of those is a company specializing in farm equipment like combine harvesters, tractors, and harvesters. As a guest post on the official Qt blog, developer Andreas Cord-Landwehr of CLAAS E-Systems talked up Qt Wayland for their purposes in the highly-regulated agriculture industry.
  • KDevelop 5.1 Open-Source IDE Launches with LLDB and OpenCL Support, Many Changes
    The development team behind the popular, open-source, cross-platform, free and powerful KDevelop IDE (Integrated Development Environment) were proud to announce the official release and general availability of KDevelop 5.1. KDevelop 5.1 is now the most advanced stable version of the application, which is written entirely in Qt and designed to be used on various GNU/Linux distributions that usually ship with the KDE Plasma desktop environment, but also on the latest releases of the Microsoft Windows operating system.