
Supporting third-party keys in a Secure Boot world


It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there are no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There are several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.
