Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under
Linux

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here




More in Tux Machines

Linus Torvalds Says Valve Is Exploring a "Second Source" Against Microsoft

The father of the Linux project, Linus Torvalds, talked about Valve and its potential role in the Linux ecosystem with the upcoming gaming consoles. Read more

Canonical and Lenovo to Start Shipping Ubuntu-Powered Laptops in India

Canonical has numerous hardware partners around the world, and Lenovo is one of them. The two companies are now planning to release devices with Ubuntu Linux preloaded in India, starting with the Thinkpad L450 laptop. Read more

11 features Apple 'borrowed' from Android in the last year

Apple isn't shy about taking great features from Android, its number-one rival in smartphones and tablets. That's not necessarily a bad thing — it shows Apple is willing to adapt to customer demand. By doing that, it's giving people more incentive to switch from Android to the iPhone. In fact, Tim Cook couldn't stop talking about "switchers" — people switching from Android to the iPhone — during the company's most recent earnings call in April. Read more

Ubuntu Touch to Get Major Battery Improvement for Meizu MX4

Ubuntu developers are working on a new OTA update for Ubuntu Touch, and it looks like it's coming along just fine. Even better, the new Meizu MX4 Ubuntu Edition got some special attention, and the battery life will be much better. Read more