
Management of UEFI secure booting

Filed under
Microsoft

The FSF have released a statement on UEFI secure boot. It explains the fundamental issue here, which isn't something as simple as "will OEMs let me install Linux". It's "Does the end user have the ability to manage their own keys".

Secure boot is a valuable feature. It does neatly deal with the growing threat of pre-OS malware. There is an incentive for it to be supported under Linux. I discussed the technical aspects of implementing support for it here - it's not a huge deal of work, and it is being worked on. So let's not worry about that side of things. The problem is with the keys.

Secure boot is implemented in a straightforward way. Each section of a PE-COFF file is added together and a hash taken[1]. This hash is signed with the private half of a signing key and embedded into the binary. When you attempt to execute a file under UEFI, the firmware attempts to decrypt the embedded hash. This requires that the firmware have either a copy of the public half of the signing key in its key database, or a chain of trust from the signing key to a key in its key database. Once it has the decrypted hash, it generates its own hash of the binary and compares them. If they match, the binary is executed.
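As an added example (not code from the post or from any firmware), here is a Go model of the sign-and-verify flow just described: the vendor side hashes the sections and embeds a signature, and the firmware side recomputes the hash and accepts the image only if a key in its database checks out. It assumes RSA with PKCS#1 v1.5, a single SHA-256 over concatenated sections in place of the real Authenticode digest, and a flat key database with no chain of trust.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Image: the hashed sections of a PE-COFF file plus the embedded signature.
type Image struct {
	Sections  [][]byte
	Signature []byte
}

// NewSigningKey makes a constructed RSA key pair (stands in for a vendor key).
func NewSigningKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// hashSections: the sections are added together and one hash is taken
// (a simplified model of the Authenticode digest, not the real format).
func hashSections(sections [][]byte) []byte {
	h := sha256.New()
	for _, s := range sections {
		h.Write(s)
	}
	return h.Sum(nil)
}

// Sign is the vendor side: hash the sections, sign the hash with the private
// half of the signing key and embed the signature in the image.
func Sign(priv *rsa.PrivateKey, sections [][]byte) (*Image, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hashSections(sections))
	if err != nil {
		return nil, err
	}
	return &Image{Sections: sections, Signature: sig}, nil
}

// Verify is the firmware side: recompute the hash of the sections and accept
// the image only if a public key in the key database (db) recovers that same
// hash from the embedded signature (no chains of trust in this model).
func Verify(db []*rsa.PublicKey, img *Image) bool {
	own := hashSections(img.Sections)
	for _, pub := range db {
		if rsa.VerifyPKCS1v15(pub, crypto.SHA256, own, img.Signature) == nil {
			return true
		}
	}
	return false
}
```

Only keys present in db decide the outcome, which is the point of the post: whoever controls the contents of db controls what the machine will boot.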

What happens if it doesn't match?
