Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under
Linux

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here




More in Tux Machines

Deepin 2014.1, One of the Most Beautiful Distros in the World, Has Been Released – Gallery

Deepin developers have been hard at work on their new operating system and it looks like they managed to get a lot of fans. This system is one of the most interesting ones that have surfaced in the last couple of years. One of the reasons for its success is the implementation of a new desktop environment that is somewhat different from what other operating systems provide. Read more

Fedora 21 Will Try To Release Before Thanksgiving

Today was another FESCo meeting but fortunately no further Fedora 21 delay was announced today, but it could happen with the F21 alpha change deadline being today and the developers trying to get an approved build. Read more

Free Android Apps August 2014: Google Play Store Titles for This Week

There are actually good new Android apps in the Google Play Store that seemed to slide off under the radar. In this news, we're going to mention some of the best, often ignored, Free Android Apps that you might want to check out. Perfect for those who are actually bored or disappointed with their present apps. Read more

The KDE Randa 2014 meeting, in easy-digestible video format!

In case you were wondering what was going on in Randa, here are some first hand impressions. The video was produced by Françoise Wybrecht (alias Morgane Marquis) and Lucie Robin, and the people in it are the actual participants of the event. It was also created using KDenlive, one of the awesome Free Software tools a team has been working on at the Randa meeting itself. The video introduces the faces and personalities of the contributors and their different backgrounds and origins. Many thanks to our brand new ad-hoc media team for producing this video! Read more