Language Selection

English French German Italian Portuguese Spanish

Supporting third-party keys in a Secure Boot world

Filed under

It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.

But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature.

rest here

More in Tux Machines

Today in Techrights

Review: ArchMerge 6.4.1

The distribution I have been asked most frequently to cover so far in 2018 is ArchMerge, an Arch-based project which runs the Xfce desktop environment and can be installed using the Calamares system installer. If the description sounds familiar, it should, as this summary could equally well apply to Archman, SwagArch and one edition of the Revenge OS distribution. There are two main features which set ArchMerge apart from its close relatives. First, ArchMerge is available in two flavours. The full featured desktop edition ships with three graphical user interfaces (Xfce, Openbox and i3). A second, minimal flavour is available for people who want to start with a text console and build from the ground up. The other point which helps ArchMerge stand out from the crowd of Arch-based distributions is its documentation. Arch Linux is famous for its detailed wiki, and rightfully so. ArchMerge takes a slightly different approach and, instead of supplying detailed pages for virtually every aspect of the distribution, the project supplies quick overviews and tutorials for common tasks and issues. These overviews are each accompanied by a video which shows the user how to perform the task. The ArchMerge website places a strong emphasis on learning and the tutorial pages guide visitors through how to install the distribution, how to configure the desktop, how to install additional software and how to set up file synchronizing through Dropbox. There is also a section dedicated to fixing common problems, a sort of FAQ for distribution issues. Since there are videos for the topics covered, we are shown where to go and what each step should look like, rather than just being given a written description. Read more

today's howtos

Tails 3.6.1 is out

This release fixes several security issues and users should upgrade as soon as possible. Read more