Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under
Linux

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here




More in Tux Machines

Linux Mint 18 Will Arrive in 2016, Linux Mint 17.2 and LMDE 2 Coming Very Soon

The Linux Mint developers have announced today, March 30, in their monthly newsletter, that the team works hard these days to release the final version of the LMDE (Linux Mint Debian Edition) 2 (codename Betsy), as well as to implement its awesome new features to the upcoming Linux Mint 17.2 update of the current stable distribution of the project, Rebecca. Read more

Cinnamon Developers Working to Improve Loading Times for the Desktop

The Linux Mint developers are also working on the Cinammon desktop environment, so the distribution is not their entire focus. They are now trying to make it load faster and they say they already had some success. Read more

How the current intellectual property landscape impacts open source

Meet Doug Kim. He's a computer engineer-turned-lawyer who chairs the Intellectual Property Practice Group at McNair Law Firm in Columbia, South Carolina. Doug's practice includes patent preparation and prosecution, trademark, service mark preparation and prosecution, and securing copyright registrations in areas that include Geographical Information Systems (GIS), software, books, music, product packaging, and distribution. He has expertise in software, method, and mechanical patents as well as open source licensing. Read more

Black Lab Linux Wants Ubuntu 10.04 Users to Upgrade to Their Professional Desktop

Black Lab Software, the creator of the Black Lab Linux series of computer operating systems based on the world’s most popular Linux distribution, Ubuntu, announced earlier today, March 30, on their Twitter account, that they will offer customers who use Ubuntu 10.04 LTS a fully supported upgrade path to their Professional Desktop edition. Read more