Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under
Linux

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here




More in Tux Machines

Make Your Mark on the World With Linux

Linux and FOSS have already changed the world, and we're just at the beginning. This is a great time to learn to be a maker, in contrast to being a mere consumer. Clicking buttons on a smartphone is not being tech-savvy; hacking and building the phone is. Some people give Make Magazine the credit for launching the Maker Movement. Whether they launched it or just gave it a name, it is a real phenomenon, a natural evolution of do-it-yourselfers, inventors, and hackers in every generation. Remember Popular Mechanics, Popular Science, Hands-On (for Shopsmith projects), photography magazines, woodworking magazines, electronics...remember Heathkit? Remember when Radio Shack was still an electronics store? How about Edmund Scientific? That is still a wonderful playground of anatomical models, microscopes, telescopes, dinosaurs, prisms, lenses, chemistry sets, lasers, geology stuff, and tons more. All of these still exist, and have moved online like everything else. It's a feast of riches, plus we have all the cool new stuff that Make Magazine covers. This is absolutely the best time to be a curious tech adventurer. Read more

XnConvert Review – An Image Batch Processor like No Other

XnConvert is batch image processor that has been designed to work on multiple operating systems. It comes with a Linux client and it's one of the few tools of its kind on this platform. Let us now take a closer look at the application to see why it's incredibly useful. Read more

Season of KDE

This is my first SoK and hence I am equally excited and motivated to make a niche for myself with my work. The task allotted to me was to finish test.kubuntu.co.uk . My task was to use a WordPress theme and finish the site but I am not a big fan of WordPress themes. So I decided to make my own theme and thankfully my mentor , Jonathan Riddell was on the same page with me. Thus began the first lap , thinking and coming up with a new design. Read more

Linux Mint 17.1 "Rebecca" MATE Stable Is Ready for Download – Screenshot Tour

The Linux Mint 17.1 "Rebecca" MATE distribution has been made available and the ISO images can be downloaded from the officials servers. Just like the Cinnamon flavor, the MATE edition is quite heavy on the new features. Read more