Supporting third-party keys in a Secure Boot world

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there are no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There are several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.




