Language Selection

English French German Italian Portuguese Spanish

UEFI secure booting (No Linux for You)

Filed under
Linux
Microsoft

The UEFI secure boot protocol is part of recent UEFI specification releases. It permits one or more signing keys to be installed into a system firmware. Once enabled, secure boot prevents executables or drivers from being loaded unless they're signed by one of these keys. Another set of keys (Pkek) permits communication between an OS and the firmware. An OS with a Pkek matching that installed in the firmware may add additional keys to the whitelist. Alternatively, it may add keys to a blacklist. Binaries signed with a blacklisted key will not load.

There is no centralised signing authority for these UEFI keys. If a vendor key is installed on a machine, the only way to get code signed with that key is to get the vendor to perform the signing. A machine may have several keys installed, but if you are unable to get any of them to sign your binary then it won't be installable.

This impacts both software and hardware vendors.

rest here




UEFI Video

This impacts both software and hardware vendors.

Death to Microsoft!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

What’s new in Fedora 22 Workstation

The Fedora Workstation edition is a reliable, user-friendly, and powerful operating system for your laptop or desktop computer. It supports a wide range of developers, from hobbyists and students to professionals in corporate environments. Fedora 22 Workstation builds on the previous initial release of Fedora 21 Workstation, providing a set of enhancements designed to boost your workflow and help your productivity. Read more

Watch: Mark Shuttleworth's Keynote at the OpenStack Summit 2015

As expected, Canonical was present at the OpenStack Summit 2015 event that took place in Vancouver, British Columbia between May 18-22. Read more

Leftovers: Ubuntu

Going Free/Open Source

  • Twitter Kit and Digits for Android go open source
    With a swarm of developers from around the world converging on San Francisco’s Moscone Center tomorrow for Google I/O, Twitter wants them to keep the company’s real-time social platform at the top of mind. This afternoon it announced that its developer tools for integrating Twitter into Android apps have been open-sourced, with the projects now hosted publicly on Github.
  • First Look Publishes Open Source Code To Advance Privacy, Security, and Journalism
    The Intercept and its publisher First Look Media strongly believe in the benefits of free and open source software — in part because we rely on such software every day. To keep our journalists and sources safe, we use secure communication tools like the data-encryption system GnuPG, the Off-the-Record secure messaging protocol, the SecureDrop communications platform, and the secure calling and texting app Signal. To publish on the web, we use the GNU/Linux operating system; the Apache web server; OpenSSL, a web encryption library; WordPress, the open-source blogging engine; and Piwik, which tracks web traffic. The list goes on.
  • Google Makes The Roboto Typeface Open Source
    With Ice Cream Sandwich, Google introduced Roboto to the world. Since then, the family (designed by Googler Christian Robertson) has expanded to include a set of slab serif fonts, and has even seen a major revision introduced with Android 5.0 last year.