Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under
Linux

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here




More in Tux Machines

Google and ODF

  • Fuzz about Google supporting odf
    First of all because the support comes way too late. Secondly because its not even close to be good. Back several years ago Google was politically supporting the process of getting odf approved as an open standard but they never really bothered. The business was clearly to keep both odf and ooxml/docx out of their products and keep their own proprietary document format. Implementing good and solid interoperability is actually not difficult but it is a huge task. Google could have done this three or four years ago if they wanted to. But they didn't. Both proprietary software vendors has been busy making interoperability difficult while the providers of true open standards has been improving interoperability month by month.
  • Google Promises Better Compatibility with Open Source Documents
    Google (GOOG) may soon be taking open OpenDocumentFormat (ODF), the native file format in virtually all modern open source word processors, like LibreOffice and OpenOffice, more seriously. That's according to a statement from Google's open source chief speaking about the future of the company's cloud-based app suite.

Microsoft tells J.S. Joust devs their game is “NOT possible” on Windows

PlayStation Move-enabled game only on Mac and Linux for now, will be open sourced. Read more

Fedora 21

Fedora 21 is out and I’ve been able to spend some time with it. The last version of Fedora I looked at was more than two years ago, so there have been quite a few changes since then. The new version of Fedora comes in three basic options: Fedora Cloud, Fedora Server and Fedora Workstation. Read more