Management of UEFI secure booting

The FSF have released a statement on UEFI secure boot. It explains the fundamental issue here, which isn't something as simple as "Will OEMs let me install Linux?". It's "Does the end user have the ability to manage their own keys?".

Secure boot is a valuable feature. It does neatly deal with the growing threat of pre-OS malware. There is an incentive for it to be supported under Linux. I discussed the technical aspects of implementing support for it here - it's not a huge deal of work, and it is being worked on. So let's not worry about that side of things. The problem is with the keys.

Secure boot is implemented in a straightforward way. Each section of a PE-COFF file is added together and a hash taken[1]. This hash is signed with the private half of a signing key and embedded into the binary. When you attempt to execute a file under UEFI, the firmware attempts to decrypt the embedded hash. This requires that the firmware have either a copy of the public half of the signing key in its key database, or a chain of trust from the signing key to a key in its key database. Once it has the decrypted hash, it generates its own hash of the binary and compares them. If they match, the binary is executed.
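The sign-then-verify flow described above, as an added example (not code from the original post or from any firmware). It assumes a toy textbook-RSA key built from two Mersenne primes; the names `image_hash`, `sign` and `firmware_verify`, and all sample bytes, are constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes (constructed, trivially
# factorable, illustration only). Real firmware verifies padded, certificate-
# based signatures; this keeps only the "sign the hash, decrypt, compare" shape.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the signer


def image_hash(sections):
    """Hash the image's sections in order as one running digest."""
    h = hashlib.sha256()
    for data in sections:
        h.update(data)
    return int.from_bytes(h.digest(), "big")


def sign(sections, d=D, n=N):
    """Signer side: sign the hash with the private half of the key."""
    return pow(image_hash(sections), d, n)


def firmware_verify(sections, signature, key_db):
    """Firmware side: recover the signed hash with each public key in the
    key database and compare it with a freshly computed hash of the image."""
    fresh = image_hash(sections)
    for e, n in key_db:
        if pow(signature, e, n) == fresh:
            return True      # hashes match: the binary may be executed
    return False             # no key in the database yields a matching hash


# Constructed sample "binary": two sections of made-up bytes.
bootloader = [b".text\x90\x90\xc3", b".data hello"]
sig = sign(bootloader)
key_db = [(E, N)]                               # public half only
tampered = [bootloader[0], b".data hellp"]      # one byte changed after signing
other_db = [(E, (2**127 - 1) * (2**89 - 1))]    # database lacking the signer's key

if __name__ == "__main__":
    print("signed image, key enrolled:", firmware_verify(bootloader, sig, key_db))
    print("tampered image:            ", firmware_verify(tampered, sig, key_db))
    print("key not in database:       ", firmware_verify(bootloader, sig, other_db))
```

The third case is the one the key-management question turns on: an untouched, correctly signed binary is still rejected when the signer's public key is not in the firmware's database.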

What happens if it doesn't match?



